Certificate Template Versions

Applies To: Windows Server 2008 R2

Active Directory Certificate Services (AD CS) provides these versions of certificate templates that are available on enterprise certification authorities (CA).

Version 1 certificate templates

Version 1 certificate templates support general certificate needs and provide compatibility with clients and issuing CAs running Windows 2000 operating systems. Version 1 templates are installed by default during CA setup and cannot be deleted. The only property that can be modified on a version 1 template is the set of assigned permissions that controls access to the template.

Enrollment options

  • Automatic enrollment

    • Custom scripts

    • Automatic certificate request settings in Group Policy can be used only for computer certificates

  • Manual enrollment

    • Certificates snap-in

    • CA Web enrollment pages

Template availability

  • Windows Server 2008 R2, all editions

  • Windows Server 2008, all editions

  • Windows Server 2003 R2, all editions

  • Windows Server 2003, all editions

  • Windows 2000 Server, all editions

Version 2 certificate templates

Version 2 certificate templates were introduced in Windows Server 2003 and can be configured by an administrator to control the way certificates are requested, issued, and used. Version 2 templates provide support for certificate autoenrollment.

Enrollment options

  • Automatic enrollment

    • Autoenrollment in Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Professional

    • Custom scripts

  • Manual enrollment

    • Certificate Enrollment Wizard

    • CA Web enrollment pages

Template availability

  • Windows Server 2008 R2, all editions

  • Windows Server 2008, Enterprise and Datacenter editions

  • Windows Server 2003 R2, Enterprise and Datacenter editions

  • Windows Server 2003, Enterprise and Datacenter editions

Version 3 certificate templates

In addition to version 2 template features and autoenrollment, version 3 certificate templates provide support for Suite B cryptographic algorithms. Suite B was created by the U.S. National Security Agency to specify cryptographic algorithms that must be used by U.S. government agencies to secure confidential information.

Template availability

  • Windows Server 2008 R2, all editions

  • Windows Server 2008, Enterprise and Datacenter editions

Additional references