Certificate Enrollment Methods
Method and Use
Web Enrollment
• To request certificates from a Web site located on a CA
• To issue certificates when autoenrollment is not available
Manual Enrollment
• To request certificates by using the Certificates console or Certreq.exe, when the requestor cannot communicate directly with the CA
Autoenrollment
• To automate the request, retrieval, and storage of certificates for domain-based computers
Enrollment Agents
• To provide a CA administrator the right to request certificates on behalf of another user
Demonstration: How To Manually Obtain a Certificate for a Web Service
• To use IIS and perform Web site enrollment by using one of the manual enrollment methods
Discussion: Benefits and Uses of Autoenrollment
• How can autoenrollment simplify certificate management in your organization?
• What are some examples of applications that can benefit from autoenrollment?
Functioning of Autoenrollment
• Certificate Template: A certificate template is configured to allow the Enroll and Autoenroll permissions for the users who receive the certificates.
• Certificate Authority: The CA is configured to issue the template.
• GPO: An Active Directory® Group Policy Object (GPO) is created to enable autoenrollment. The GPO is linked to the appropriate site, domain, or organizational unit.
• Client Machine: The client machine receives the certificates during the next Group Policy refresh interval.
Demonstration: How To Configure an Online Responder
• To configure the CA to support the Online Responder
• To install and configure the Online Responder role service
What Are Certificate Templates?
Certificate templates define the:
• Format and contents of a certificate
• Process of creating and submitting a valid certificate request
• Security principals that are allowed to read, enroll, or autoenroll for a certificate
• Permissions to read, enroll, autoenroll, or modify a certificate template
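Both the autoenrollment steps and the template definition above depend on who holds the Enroll and Autoenroll permissions on a template. The following script is an added example, not part of the original course material, that reports those permissions for every template in the forest. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the list of broad groups is an illustrative assumption.

```powershell
# Added example: report which principals hold Enroll / Autoenroll on each template.
# Assumption: RSAT ActiveDirectory module is installed and the caller can read
# the Configuration naming context.
Import-Module ActiveDirectory

# Extended-right GUIDs behind the Enroll and Autoenroll check boxes on a
# template's Security tab. The empty GUID means "all extended rights".
$rights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'Autoenroll'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Templates are stored as pKICertificateTemplate objects under Public Key Services.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$report = Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties nTSecurityDescriptor |
    ForEach-Object {
        $template = $_
        foreach ($ace in $template.nTSecurityDescriptor.Access) {
            # Only Allow ACEs that grant an extended right are relevant here.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.ActiveDirectoryRights -band $extended) -ne $extended) { continue }
            $name = $rights[$ace.ObjectType.ToString()]
            if (-not $name) { continue }   # some other extended right
            [pscustomobject]@{
                Template  = $template.Name
                Principal = $ace.IdentityReference.Value
                Right     = $name
                Inherited = $ace.IsInherited
            }
        }
    }

$report | Sort-Object Template, Right, Principal | Format-Table -AutoSize

# Review list: templates that broad groups can autoenroll for.
# The group names below are illustrative assumptions; adjust to your domain.
$broad = 'Authenticated Users', 'Domain Users', 'Domain Computers', 'Everyone'
$report | Where-Object {
    $_.Right -ne 'Enroll' -and (($_.Principal -split '\\')[-1] -in $broad)
}
```

A template appears in the review list only when the permission is granted; whether clients actually receive certificates also depends on the CA issuing the template and on the autoenrollment GPO applying to them.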