Print

Creating a certificate template for Server Certificates on the Microsoft CA Server

About this task

Use the following procedure to create a server certificate template, for the Microsoft CA Server, that provides client authentication and server authentication. After you create the CA certificate template, each server certificate you request will provide client authentication and server authentication.

Procedure

  1. On the Microsoft Enterprise CA server, start the Certification Authority Microsoft Management Console (MMC) snap-in.
  2. In the left pane of the Certification Authority MMC snap-in, expand the Certification Authority node, right-click on Certificate Templates, and select Manage to start the Certificate Templates MMC snap-in.
  3. In the right pane of the Certificate Templates MMC snap-in, right-click on the Web Server template, and select Duplicate Template.
  4. In the Properties of New Template dialog box, select the General tab, and complete the following fields:
    • Template display name -- to complete this field enter a descriptive name for the template display; for example: "Web Server Cert with Client and Server Authentication".

    • Template name -- to complete this field enter a descriptive name for the template; for example: "WebServerCertClientServerAuthen"

  5. In the Properties of New Template dialog box, select the Request Handling tab. Verify that Purpose is set to Signature and encryption, and then click CSPs...
  6. In the CSP Selection dialog box, select the Requests must use one of the following CSPs button. In the CSPs: list, select the Microsoft Enhanced Cryptographic Provider v1.0 checkbox for , and click OK.
  7. In the Properties of New Template dialog box select the Subject Name tab and verify that Supply in the request is selected.
  8. In the Properties of New Template dialog box, select the Extensions tab. In the Extensions included in this template section, select Application Policies and click Edit.
  9. In the Edit Application Policies Extension dialog box, click Add.
  10. In the Add Application Policy dialog box, select Client Authentication and click OK.
  11. In the Edit Application Policies Extension dialog box check the Application policies list, and verify that both Server Authentication and Client Authentication are included. Click OK.
  12. In the Properties of New Template dialog box, click OK.
  13. In the Certification Authority MMC snap-in, expand the Certification Authority node. Right-click Certificate Templates, and select New > Certificate Template to Issue.
  14. In the Enable Certificate Templates dialog box, select the Certificate Template created in Steps 3 -12 (based on the example, select WebServerCertClientServerAuthen) and click OK.