This exercise shows you how to enable automatic enrollment for the CA.
- You will use an enterprise CA to complete this exercise.
- Open the Security Policy GPO in the Administrative Tools folder.
- Open the GPO’s Computer Configuration node, then open Windows Settings ? Security Settings, and expand the Public Key Policies node. This exposes four subfolders beneath the Public Key Policies node.
- Right-click the Automatic Certificate Request Settings folder under the Public Key Policies node, and select New ? Automatic Certificate Request. This starts the Automatic Certificate Request Wizard.
- Click Next to get past the wizard’s introductory page. When the Certificate Template page appears, it lists all the types of certificates that can be automatically issued to computers. Normally, you’ll use the basic Computer type, but separate types exist for domain controllers and devices that participate in IPSec. Select the template type you want to use, then click the Next button. Click Finish to close the Wizard.
- Once you’ve completed these steps, the new request appears as an item in the Automatic Certificate Request Settings folder; you can edit or remove it later by selecting it and using the commands in the Action menu.
