Certificate autoenrollment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Network administrators frequently require users and computers to hold one or more certificates. The manual certificate enrollment process can be confusing and time-consuming for a user. The administrator may also have no control over the enrollment process, so many users or computers could end up with useless or incorrect certificates. The ideal is a process that obtains, stores, and updates certificates for subjects without intervention. That is the purpose of certificate autoenrollment.

Certificate autoenrollment is a process that allows clients to automatically submit certificate requests to a certification authority and retrieve and store issued certificates. It is controlled by the administrator so the certificates are obtained by the appropriate subject with the correct settings. Periodically the client computer will check for any autoenrollment tasks that may be required and perform them. This includes requesting new certificates, retrieving fulfilled requests from a certification authority, or renewing an existing certificate.

Although the process is automatic, you may sometimes want to start it manually. The Certificates snap-in has a menu option that triggers certificate autoenrollment immediately for the current user or the local computer.

For more information, see "Trigger automatic enrollment for certificates" and "Certificate Services example implementation: Establishing autoenrollment for user certificates".