Add an issuance policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add an issuance policy

Open Certificate Templates.
In the details pane, right-click the certificate template that you want to change, and then click Properties.
On the Extensions tab, click Issuance Policies, and then click Edit.
In Edit Issuance Policies Extension, click Add.
In Add Issuance Policy, click New.
Provide the requested information.

Notes

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press Enter.
This procedure is applicable to version 2 templates. For more information about version 2 templates, see Related Topics.
Issuance Policies are also known as Certificate Policies.
You can optionally fill out the CPS Location with a URI. For example, the Microsoft CPS is located at https://www.microsoft.com/pki/rms/cps/. For more information, see Creating Certificate Policies and Certificate Practice Statements (https://go.microsoft.com/fwlink/?LinkId=205512).
Clients must be re-enrolled to receive a certificate based on the changed template if they already have a valid certificate based on the old template. For more information about re-enrolling clients, see Related Topics.