Solved

PKI Template has been configured but not being deployed ?

Posted on 2015-01-30
1
132 Views
Last Modified: 2015-02-12
Hi Everyone,

I have deployed a 3-tier PKI infrastructure in a Windows 2008 R2 envinronment.  There is a GPO in place for auto-enrollement of certigicates via a GPO.  Attached to the GPO is a security filter which has a group that only contains computer objects to deploy certificates to. I have copied the Computer template, duplicated and called 'Test AE'.  When I open the certificate on the test server, the 'Geneeral' tab displays the purpose of the certificate as 'All applications policies'.  If I click on the 'Details' tab and scroll down, where it details 'Certificate Template Name' the value is SubCA.  I expect the 'Certificate Template Name' to be 'Test AE' ?  

In the AD CS management console under 'Certificate Templatres' it does have the 'Test AE' displayed.  Also, the template on the security setting has the group I associated in AD to the GPO.  I have the group with 'Read','Enroll' and 'Autoenroll' configured.

Does anyone have any ideas as to why this is happening ?
0
Comment
Question by:CaussyR
1 Comment
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40579600
The certificate you seen is from subordinate CA and I don't think it is got deployed through GPO
Delete that cert from test server and run gpupdate /force again to see what certificate is getting installed

do not duplicate computer certificate, it is default certificate template
U can directly use it via GPO, in GPO, under "computer configuration\policies\windows settings\security settings\ public key policies" enable certificate enrollment and auto enrollment
Then navigate to automatic certificate request settings and add "computer" certificate template there which will take care of auto enrollment
https://technet.microsoft.com/en-us/library/dd379529(v=ws.10).aspx

If you wanted just client authentication, do above auto enrollment settings in policy and duplicate workstation authentication certificate and check if it works
Because computer template contains both server authentication and client authentication
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Auto Smartport macro for Dell and HP laptops 2 53
Windows 10 IE Certificate Issue 10 41
File Sharing with Apple and Windows 7 39
Windows 10 Mail Sync Error 6 28
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now