According to the article here, it is required to have the certificate template setting “Supply in the request and Use subject information from existing certificates for autoenrollment renewal requests” in order to configure certificate key-based renewal via CEP and CES.
Is it possible to issue the initial certificate by having Subject name via “Build from this Active Directory information” setting and for renewals use the key based authentication?
The background to this question is, I have some technical user accounts (with Active Directory) where the initial certificate needs to be issued using AD information (Subject Name - Supply in the request is not an option here). Then these certificates will be exported out to some other non-domain joined machines where they will be used in some applications. So, the renewals need to happen in these non-domain joined machines.