Re: Help! Certificate Templates

From: Ellis George (egeorgeATddasoftDOTcom)
Date: 06/04/04


Date: Thu, 3 Jun 2004 18:08:01 -0400

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx#XSLTsection126121120120

This and all other documentation I have been able to find indicates that
2003 Enterprise Edition isn't required.

Where is the documentation for this? Also the help files within Server 2003
do not indicate any requirement for 2003 Enterprise Edition.

Here is a direct copy:

What's New in Windows Server 2003
Version 2 Certificate Templates
Windows 2000 and Windows XP Professional PKI use certificate templates that
are stored in Active Directory. These templates provide the default contents
of a certificate request to an enterprise CA-as opposed to using a
standalone CA. Policy management in an Active Directory environment is
provided through the use of certificate templates.

Enterprise CAs use certificate templates to determine authentication,
certificate format, cryptographic service provider (CSP), key size, and
X.509 extension requirements. To allow for a registration authority, CA
officer, and other approvals, Windows XP Professional templates have been
extended to merge the signing and authentication requirements necessary to
issue a certificate.

Version 1 and Version 2 Certificate Templates

Version 1 Templates

Windows 2000 Server and Windows 2000 Professional clients support a default
set of certificate templates in the Active Directory that cannot be
customized or added to. These are Version 1 templates. Version 1 templates
can only be used as defined or copied.

Version 2 Templates

Windows Server 2003 extends the range of properties that can be configured
in a Version 1 template. These extensions include the ability to:

      . Create new certificate templates

      . Copy existing templates

      . Supersede templates already in use

Using Windows Server 2003, Version 2 templates can be edited to meet the
needs of an application or the enterprise. When a Version 1 template is
copied, it is automatically updated and becomes a Version 2 template.

"Shawn Corey [MSFT]" <shawncor@online.microsoft.com> wrote in message
news:uwse2gaSEHA.240@TK2MSFTNGP11.phx.gbl...
> What SKU is running on the CA? Custom templates are only available on
> Win2003 Enterprise Edition. Right clicking on the Certificate Templates
node
> and selecting New->Template to Issue will bring up the list of available
> template that can be added for the CA to issue.
>
> --
> Thanks,
> Shawn
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Ellis George" <egeorgeATddasoftDOTcom> wrote in message
> news:OjgHe7ZSEHA.1308@TK2MSFTNGP10.phx.gbl...
> > I have attempted to create a new smart card template. The
> > new template shows up in the Certificate Template MMC,
> > however, when I attempt to use it as a new certificate to
> > issue I am unable to add it to the CA.
> >
> > I was logged on to the CA as an Enterprise Admin.
> >
> > This is a completely clean Windows 2003 install, the Domain
> > and all machines are recently installed.
> >
> > DC's and CA's are on the same machines. DC1 is Enterprise
> > Root CA, DC2 is Subordinate CA. All updates were applied
> > prior to DCpromo and installation of IIS and certificate
> > authorities.
> > How do I get the new template to show up as an issuable
> > certificate?
> >
> >
>
>