we can request certficates using a rather user friendly web interface.
- The CA must request a certificate for itself so we can enable SSL.
- We cannot request a certificate because SSL is not enabled (and the existing CA certificate cannot be used for a website).
This is where we must pay attention!
If we do not want to use web enrollment, we can use a Windows 2008 template as shown below:
Second, clients need both read and enroll permissions to request the certificate:
Note: it is possible for certain certificates to have multiple roles.
When we finish, we have an additional template configured for our specific needs:
We select the PKI Web Server certificate template we just duplicated:
The certificate template is now ready for use:
To be continued...