Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
You can use this procedure to configure the certificate template that Active Directory® Certificate Services (AD CS) uses as the basis for server certificates that are enrolled to servers on your network.
While configuring this template, you can specify the servers by Active Directory group that should automatically receive a server certificate from AD CS.
The procedure below includes instructions for configuring the template to issue certificates to all of the following server types:
Servers that are running the Remote Access service, including RAS Gateway servers, that are members of the RAS and IAS Servers group.
Servers that are running the Network Policy Server (NPS) service that are members of the RAS and IAS Servers group.
Membership in both the Enterprise Admins and the root domain's Domain Admins group is the minimum required to complete this procedure.
To configure the certificate template
On CA1, in Server Manager, click Tools, and then click Certification Authority. The Certification Authority Microsoft Management Console (MMC) opens.
In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.
The Certificate Templates console opens. All of the certificate templates are displayed in the details pane.
In the details pane, click the RAS and IAS Server template.
Click the Action menu, and then click Duplicate Template. The template Properties dialog box opens.
Click the Security tab.
On the Security tab, in Group or user names, click RAS and IAS servers.
In Permissions for RAS and IAS servers, under Allow, ensure that Enroll is selected, and then select the Autoenroll check box. Click OK, and close the Certificate Templates MMC.
In the Certification Authority MMC, click Certificate Templates. On the Action menu, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens.
In Enable Certificate Templates, click the name of the certificate template that you just configured, and then click OK. For example, if you did not change the default certificate template name, click Copy of RAS and IAS Server, and then click OK.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
It is the Certificate Template that specifies the data that must be included in a certificate for it to function as well as to ensure that all of the needed data are provided to ensure the certificate's validity.
Certificate templates also give instructions to the client on how to create and submit a valid certificate request. Only an enterprise CA can issue certificates based on a certificate template. The templates are stored in Active Directory Domain Services (AD DS) for use by every CA in the forest.
Certificate templates can be accessed from the Workplace launcher or via Site administration > Certificates > Manage certificate templates. The permission Manage certificates (tool/certificate:manage) has to be granted to access this feature. You see a list of certificate templates.
Click File, and then click Add/Remove Snap-in. In the available snap-ins list, click Certificate Templates, and then click Add. Certificate Templates is now located under Console Root in the MMC. Double-click it to view all the available certificate templates.
A Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate provides encryption capabilities for ensuring secure data transmission between your customers' web browsers and your website server.
If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server's public key. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
Select Start > Administrative Tools > Server Manager, right click Server Manager and choose Add Features.
Open Remote Server Administration Tools > Role Administration Tools > Active Directory Certificate Services Tools and select Certification Authority Tools.
Introduction: My name is Rueben Jacobs, I am a cooperative, beautiful, kind, comfortable, glamorous, open, magnificent person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.