Certificate Template Intro
In the previous article, we learned how to install ADCS and configure the CA.
Each certificate client (such as an IIS web server or Exchange Server OWA)
needs a certificate template to be used for secure communication with that server.
Create Certificate Template for Workstation and Client Authentication
This step is to create a certificate template that will enable your domain computers to request certificates from your PKI server.
Open Control Panel then go to Administrative Tools -> Certification Authority:
Right-click Certificate Templates, then select Manage.
Scroll down to Workstation Authentication, right-click it, then select Duplicate Template:
On the General Tab enter a template display name then select a validity period. Click the two boxed options:
On the Security tab, add Domain Computers to give your domain computers permission on the template. Check the boxes for Read and Autoenroll:
On the Extensions tab click Application Policies then Edit:
Click Add -> Server Authentication, then OK:
Ensure Server Authentication is selected, then click OK:
On the Subject Name tab, check the DNS name box to add the DNS name to the SAN of the certificate. Click Apply, then OK:
You will now have a new template with the intended purposes of Client Authentication, Server Authentication. You can now close the Certificate Templates Console window.
Back in the Certification Authority window, right-click Certificate Templates -> New -> Certificate Template to Issue:
Select the certificate template we created, then click OK. The custom template should now show under Certificate Templates.
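To confirm that the published template matches the settings chosen in the steps above, the following read-only PowerShell check reads the template object from Active Directory. It is an added example, not part of the original article. It assumes the ActiveDirectory module (RSAT) is installed, and the display name is a placeholder for the name you entered on the General tab.

```powershell
# Added example: read-only verification of the duplicated template.
# Assumes the ActiveDirectory module (RSAT). The display name below is a placeholder.
Import-Module ActiveDirectory
$TemplateDisplayName = 'REPLACE-WITH-TEMPLATE-DISPLAY-NAME'

# Certificate templates are stored in the forest's Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$tpl = Get-ADObject -SearchBase $base `
    -LDAPFilter "(&(objectClass=pKICertificateTemplate)(displayName=$TemplateDisplayName))" `
    -Properties pKIExtendedKeyUsage, 'msPKI-Certificate-Name-Flag', nTSecurityDescriptor
if (-not $tpl) { throw "Template '$TemplateDisplayName' not found under $base" }

# Extensions tab: Application Policies should list both purposes.
$ekus      = @($tpl.pKIExtendedKeyUsage)
$clientEku = $ekus -contains '1.3.6.1.5.5.7.3.2'   # Client Authentication
$serverEku = $ekus -contains '1.3.6.1.5.5.7.3.1'   # Server Authentication

# Subject Name tab: bit flags stored in msPKI-Certificate-Name-Flag.
$nameFlag    = [int]$tpl.'msPKI-Certificate-Name-Flag'
$dnsInSan    = ($nameFlag -band 0x08000000) -ne 0   # CT_FLAG_SUBJECT_ALT_REQUIRE_DNS
$reqSupplied = ($nameFlag -band 0x00000001) -ne 0   # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT

# Security tab: allow ACEs granted to Domain Computers.
$autoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'   # Certificate-AutoEnrollment right
$readBit    = [int][System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$extBit     = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$aces = @($tpl.nTSecurityDescriptor.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like '*\Domain Computers'
})
$canRead = [bool]($aces | Where-Object { ([int]$_.ActiveDirectoryRights -band $readBit) -ne 0 })
$canAuto = [bool]($aces | Where-Object {
    (([int]$_.ActiveDirectoryRights -band $extBit) -ne 0) -and $_.ObjectType -eq $autoEnroll
})

[pscustomobject]@{
    Template                  = $tpl.Name
    ClientAuthentication      = $clientEku
    ServerAuthentication      = $serverEku
    DnsNameInSan              = $dnsInSan
    RequesterSuppliesSubject  = $reqSupplied   # expected False: subject is built from AD here
    DomainComputersRead       = $canRead
    DomainComputersAutoenroll = $canAuto
} | Format-List
```

Every value except RequesterSuppliesSubject should be True for a template built with the steps above; a True there means requesters can choose the names placed in the certificate, which is not what this template is meant to allow.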
Create Certificate Template for Exchange Server
In the next chapter, we will create a certificate template to be used for securing Exchange OWA.