Can someone please help me with the following question?
I have set up my AD CS environment and allowed clients to renew certificates based on an existing certificate (this was for CES/CEP certificate-based renewal for non-domain-joined computers, but we do not need to worry about that; I mention it only for background). This works OK.
The issue is that when the certificate is renewed, it is in the ‘pending requests’ folder on the CA, which is expected as the certificate template (I am using a duplicate of the computer template) has the following options.
Under ‘Issuance Requirements’ there is a section near the bottom called ‘Require the following for reenrollment’
In this section there is a radio button named ‘Valid Existing Certificate’ with an associated check box entitled ‘Allow key based renewal’.
I need to have ‘Allow key based renewal’ checked in order that I can get CES/CEP certificate enrolment based on an existing certificate working OK (which it does).
However, the fields mentioned above (Valid Existing Certificate, and Allow key based renewal) are only available when you first select ‘CA Certificate Manager Approval’ at the top of the template, which means the request ends up in the ‘Pending requests’ folder on the CA awaiting manual intervention to approve the request.
I want to allow the client computers to ‘automatically’ renew (recall they are not domain joined, which is why I am using CES/CEP) their certificate based on a previously issued certificate without intervention, e.g. straight to issued, then the client pulling the certificate down and installing it.
Any ideas please on how to overcome this?
I have placed a graphic of the certificate template at the following location.
https://1drv.ms/u/s!AqL5zUwOWToZgeg27wd1inRX21iKKw?e=oGS3KA
Thanks very much in advance
CXMelga