Setup Server 2019 Enterprise CA 5/5: Deploy Policy Templates

Posted on: September 25, 2019, by :
Previous: Setup Group Policy


After Setting up an Enterprise CA some Certificate policies are available without additional configuration. In this post I will demonstrate how to add Certificate Template and publish it.

Deploy Policy Templates


1. On the Subordinate CA start the “Certification Authority” and select “Certificate Templates”. In the right pane all the out of the box templates are visible. These can be requested by Users, Computers, etc depending on the type.


2. To add a new template rightclick “Certificat Templates” and select “Manage”


3. An overview with all available templates will appear.


4. To avoid editing the original template Rightclick the template and select “Duplicate Template”


5. Give the new template a unique name and press “OK”


6. Rightclick “Certificat Templates” and select “New” -> “Certificate Template to Issue”


7. Select in the “Enable Certificate Templates” list the template which was created and press “OK”


8. The certificate is now visible in the “Certificate Templates” Pane


Test the certificate

9. Logon to a domain joined computer. Start “MMC” and select “file” -> “Add/Remove Snap-in”.


10. Select the “Certificates” snap-in and press “Add”.


11. Select “My user account” in the Certificates snap-in popup and press “Finish”. Press “OK” to close the snap-in manager. (Only select “my user account” for user templates, for computer related templates select “Computer account”)


12. Rightclick “Personal” and select “All Tasks” -> “Request New Certificate”


13. Press “Next”


14. Press “Next” (by default “Active Directory Enrollment Policy” is selected)


15. In the “Request Certificates” overview all available user related policy templates are displayed. The created template should appear. Check the box of the created template and press “Enroll”


16. The template will be requested. After a while the status should be “Succeeded”. Press “Finish” to continue.


17. The new certificate is now visible.


18. When you doubleclick the Certificate and select “Certification Path” you should see the RootCA, SubordinateCA and requested Certificate. All Certificates should be “OK”


This was the final post of the Setup Server 2019 Enterprise CA tutorial.

Add a comment if you have questions.



Leave a Reply

Your email address will not be published. Required fields are marked *