Certificate This template is used for certificates issued to LRA ADM and LRA Operators only, so they will be able to issue certificates to regular usersUsers. Image Removed Image Added Setup Certificate Template - description | View |
---|
General: - Validity = 3 years
- Renewal Period = 6 weeks
- Published in Active Directory
| | Request Handling: - Purpose = Signature means that the operator who is requesting the
certificate is signing the request with the Enrollment Agent certificate - Key Size = 1024
- Enroll Subject without requiring any user inputuser input, which means you do
not need to supplement the certificate with additional information, as the information is obtained from the user account logged in.
|
| Subject Name: - Name is obtained from Active Directory based on the Fully Distinguished distinguished
name and the user's UPN
|
| Issuance Requirements: - This number of authorized signatures = 1
- Policy = Application Policy and Certificate Request Agent
- Reenrollment = Same criteria as for enrollment
| | Suspended templates: | | Extensions: - Application Policies = Certificate Request Agent
| | Extensions: - Certificate Template information
- Issuance Policies = Default
(Certificate policies are also known as issuance policies) | | Extensions: - Key Usage
- Digitale Signature
- Critical Extension
| | | | Security: These settings determine the privileges for the Certificate for read, modify and enroll of enroll of certificate. Only the DL_CA_ADM and the DL_LRA_ADM groups should this certificate via auto Enrollment. - Authenticated Users = Read
- DL_CA_Admins = Read, Write, Enroll
- DL_CA_LRA_Admins = Read, Enroll
- Domain Admins = Read, Write
- Enterprise Admins = Read, Write
| |
|