設定伺服器的憑證範本Configure the Server Certificate Template

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用此程序設定憑證範本 Active Directory®憑證 Services (AD CS) 使用為基礎的伺服器上您的網路退出伺服器的憑證。You can use this procedure to configure the certificate template that Active Directory® Certificate Services (AD CS) uses as the basis for server certificates that are enrolled to servers on your network.

設定此範本,您可以指定的伺服器來應該伺服器的憑證會自動接收 AD CS 的 Active Directory 群組。While configuring this template, you can specify the servers by Active Directory group that should automatically receive a server certificate from AD CS.

下列程序包含設定伺服器下列類型的所有發行憑證範本指示:The procedure below includes instructions for configuring the template to issue certificates to all of the following server types:

  • 執行遠端存取服務,包括 RAS 閘道伺服器成員的伺服器] RAS 及 IAS 伺服器]群組。Servers that are running the Remote Access service, including RAS Gateway servers, that are members of the RAS and IAS Servers group.
  • 正在執行的網路原則 Server (NPS) 服務,伺服器的成員RAS 及 IAS 伺服器]群組。Servers that are running the Network Policy Server (NPS) service that are members of the RAS and IAS Servers group.

同時成員資格企業系統管理員並根網域的網域系統管理員」群組是才能完成此程序最小值。Membership in both the Enterprise Admins and the root domain's Domain Admins group is the minimum required to complete this procedure.

若要設定憑證範本To configure the certificate template

  1. CA1,在伺服器管理員中,按一下 [工具,然後按憑證授權單位On CA1, in Server Manager, click Tools, and then click Certification Authority. 開啟憑證授權單位 Microsoft Management Console (MMC)。The Certification Authority Microsoft Management Console (MMC) opens.

  2. 在 MMC 中,按兩下 [CA 名稱,以滑鼠右鍵按一下憑證範本,然後按管理In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.

  3. [憑證範本主控台開啟。The Certificate Templates console opens. 詳細資料窗格中會顯示所有的憑證範本。All of the certificate templates are displayed in the details pane.

  4. 在詳細資料窗格中,按一下RAS 及 IAS 伺服器範本。In the details pane, click the RAS and IAS Server template.

  5. 按一下動作,然後再按複製範本Click the Action menu, and then click Duplicate Template. 範本屬性對話方塊。The template Properties dialog box opens.

  6. 按一下安全性索引標籤。Click the Security tab.

  7. 安全性索引標籤的群組或使用者名稱,按一下 [ RAS 及 IAS 伺服器]On the Security tab, in Group or user names, click RAS and IAS servers.

  8. 伺服器 RAS 及 IAS 的權限允許,確保Enroll會已選取,然後選取註冊核取方塊。In Permissions for RAS and IAS servers, under Allow, ensure that Enroll is selected, and then select the Autoenroll check box. 按一下[確定],然後關閉 [憑證範本 MMC。Click OK, and close the Certificate Templates MMC.

  9. 在憑證授權單位 MMC 中,按一下 [憑證範本In the Certification Authority MMC, click Certificate Templates. 動作功能表上,指向 [,,然後按一下 [憑證範本]On the Action menu, point to New, and then click Certificate Template to Issue. 讓憑證範本對話方塊。The Enable Certificate Templates dialog box opens.

  10. 讓憑證範本,按一下 [設定] 的憑證範本您剛才的名稱,然後按一下[確定]In Enable Certificate Templates, click the name of the certificate template that you just configured, and then click OK. 例如,如果您未變更預設的憑證範本名稱,按一下的 RAS 複製及 IAS 伺服器,然後按一下 [ [確定]For example, if you did not change the default certificate template name, click Copy of RAS and IAS Server, and then click OK.