Make certificate or application policy critical

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

 

To make certificate or application policy critical

  1. Open Certificate Templates.

  2. In the details pane, right-click the certificate template that you want to change, and then click Properties.

  3. On the Extensions tab, click Issuance Policies or Application Policies and then click Edit.

  4. Select the Make this extension critical check box.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press ENTER.

  • This procedure is applicable to version 2 templates. For more information about version 2 templates, see Related Topics.

  • Certificate Policies are also known as Issuance Policies.

  • Clients must be re-enrolled to receive a certificate based on the changed template if they already have a valid certificate based on the old template. For more information about re-enrolling clients, see Related Topics.

See Also

Concepts

Create a new object identifier
Re-enroll all certificate holders
Version 2 certificate templates
Issuance policies
Application policies