Certificate Template Concepts

Applies To: Windows Server 2008 R2

Certificate templates are an integral part of an enterprise certification authority (CA). They are an important element of the certificate policy for an environment, which is the set of rules and formats for certificate enrollment, use, and management.

When a CA receives a request for a certificate, groups of rules and settings must be applied to that request to perform the requested function, such as certificate issuance or renewal. These rules can be simple or complex and may apply to all users or specific groups of users. Certificate templates are the sets of rules and settings that are configured on a CA to be applied against incoming certificate requests. Certificate templates also give instructions to the client on how to create and submit a valid certificate request.

Certificates based on a certificate template can only be issued by an enterprise CA. The templates are stored in Active Directory Domain Services (AD DS) for use by every CA in the forest. This allows the CA to always have access to the current standard template and ensures consistent application of the certificate policy across the forest.

Administrators of Windows Server 2008–based enterprise CAs can use a number of predefined certificate templates. For more information, see Default Certificate Templates.

Certificate templates introduced in Windows Server 2008, Windows Server 2003, and Windows 2000 have different levels of configurability. For more information, see Certificate Template Versions.