Re: Help! Certificate Templates

From: Ellis George (egeorgeATddasoftDOTcom)
Date: 06/04/04


Date: Thu, 3 Jun 2004 18:08:01 -0400

http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx#XSLTsection126121120120

This and all other documentation I have been able to find indicates that
2003 Enterprise Edition isn't required.

Where is the documentation for this? Also the help files within Server 2003
do not indicate any requirement for 2003 Enterprise Edition.

Here is a direct copy:

What's New in Windows Server 2003
Version 2 Certificate Templates
Windows 2000 and Windows XP Professional PKI use certificate templates that
are stored in Active Directory. These templates provide the default contents
of a certificate request to an enterprise CA-as opposed to using a
standalone CA. Policy management in an Active Directory environment is
provided through the use of certificate templates.

Enterprise CAs use certificate templates to determine authentication,
certificate format, cryptographic service provider (CSP), key size, and
X.509 extension requirements. To allow for a registration authority, CA
officer, and other approvals, Windows XP Professional templates have been
extended to merge the signing and authentication requirements necessary to
issue a certificate.

Version 1 and Version 2 Certificate Templates

Version 1 Templates

Windows 2000 Server and Windows 2000 Professional clients support a default
set of certificate templates in the Active Directory that cannot be
customized or added to. These are Version 1 templates. Version 1 templates
can only be used as defined or copied.

Version 2 Templates

Windows Server 2003 extends the range of properties that can be configured
in a Version 1 template. These extensions include the ability to:

      . Create new certificate templates

      . Copy existing templates

      . Supersede templates already in use

Using Windows Server 2003, Version 2 templates can be edited to meet the
needs of an application or the enterprise. When a Version 1 template is
copied, it is automatically updated and becomes a Version 2 template.

"Shawn Corey [MSFT]" <shawncor@online.microsoft.com> wrote in message
news:uwse2gaSEHA.240@TK2MSFTNGP11.phx.gbl...
> What SKU is running on the CA? Custom templates are only available on
> Win2003 Enterprise Edition. Right clicking on the Certificate Templates
node
> and selecting New->Template to Issue will bring up the list of available
> template that can be added for the CA to issue.
>
> --
> Thanks,
> Shawn
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Ellis George" <egeorgeATddasoftDOTcom> wrote in message
> news:OjgHe7ZSEHA.1308@TK2MSFTNGP10.phx.gbl...
> > I have attempted to create a new smart card template. The
> > new template shows up in the Certificate Template MMC,
> > however, when I attempt to use it as a new certificate to
> > issue I am unable to add it to the CA.
> >
> > I was logged on to the CA as an Enterprise Admin.
> >
> > This is a completely clean Windows 2003 install, the Domain
> > and all machines are recently installed.
> >
> > DC's and CA's are on the same machines. DC1 is Enterprise
> > Root CA, DC2 is Subordinate CA. All updates were applied
> > prior to DCpromo and installation of IIS and certificate
> > authorities.
> > How do I get the new template to show up as an issuable
> > certificate?
> >
> >
>
>



Relevant Pages

  • Re: Adding the Certificate Templates to the Certification Authority
    ... version 2 templates are only available from a W2003 Enterprise CA. ... though MS does have 802.1X download for Windows 2000. ... to use PEAP which does not require certificates on the clients. ...
    (microsoft.public.security)
  • Re: Microsoft CA certificates expiration
    ... >If you are talking about the enterprise CA in Windows ... 2000 and templates, ... >> generated when using MS certificate server to longer ...
    (microsoft.public.win2000.security)
  • Re: Certificate Template
    ... You can't change validity period of templates in Windows 2000 CA. ... this on Windows 2003 Enterprise CA (you will need Windows 2003 Enterprise ...
    (microsoft.public.security)
  • Re: Difference between 2003 edition for PKI functionnality
    ... The Enterprise edition of Windows Server 2003 allows for the use of version ... certificate templates for Enterprise CAs. ... Enterprise edition also allows for auto-enrollment to Windows XP and greater ...
    (microsoft.public.windows.server.security)
  • Adding the Certificate Templates to the Certification Authority
    ... Still following the Microsoft Securing WLANs deployment guide. ... The Certificate Templates say the "Minimum supported CAs" are Windows 2003, ... Is there a "Build Guide for Securing Wireless LANS - A Windows Server ...
    (microsoft.public.security)