Checklist: Configuring certificate autoenrollment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Checklist: Configuring certificate autoenrollment

Step Reference

Install and configure an enterprise certification authority (CA)

Install an enterprise root certification authority; Install an enterprise subordinate certification authority

Create a new certificate template

Create a new certificate template

Configure the certificate template to provide the intended functionality for the certificate

Modify a Certificate Template

Configure the certificate template to allow autoenrollment

Planning for autoenrollment deployment

Grant Enroll and Autoenroll permissions for the certificate template to intended users

Allow subjects to request a certificate that is based on the template

Configure the certification authority to issue certificates based on the template

Add a certificate template to a certification authority

Configure Active Directory directory service users to request certificates with autoenrollment

Certificate Services example implementation: Establishing autoenrollment for user certificates

(Optional) Retrieve updated Group Policy information before scheduled replication occurs



  • Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition is required to configure version 2 certificate templates for autoenrollment requests. However, autoenrollment manages certificates or pending certificate requests that are based on any version of certificate template.