Configure the Server Certificate Template

 

Applies To: Windows Server 2012

You can use this procedure to configure the certificate template that Active Directory® Certificate Services (AD CS) uses as the basis for server certificates enrolled to servers running Network Policy Server (NPS), Routing and Remote Access Service (RRAS), or both.

Membership in both the Enterprise Admins and the root domain's Domain Admins group is the minimum required to complete this procedure.

To configure the certificate template

  1. On CA1, in Server Manager, click Tools, and then click Certification Authority. The Certification Authority Microsoft Management Console (MMC) opens.

  2. In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.

  3. The Certificate Templates console opens. All of the certificate templates are displayed in the details pane.

  4. In the details pane, click the RAS and IAS Server template.

  5. Click the Action menu, and then click Duplicate Template. The template Properties dialog box opens.

  6. Click the Security tab. In Group or user names, click RAS and IAS servers.

  7. In Permissions for RAS and IAS servers, under Allow, ensure that Enroll is selected, and then select the Autoenroll check box. Click OK, and close the Certificate Templates MMC.

  8. In the Certification Authority MMC, click Certificate Templates. On the Action menu, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens.

  9. In Enable Certificate Templates, click the name of the certificate template that you just configured, and then click OK. For example, if you did not change the default certificate template name, click Copy of RAS and IAS Server, and then click OK.