AD CS Certificate Template
Step-by-Step Instructions
- Access the Certificate Templates Console: On the server running AD CS, open the "Certificate Templates Console". You can do this by running certtmpl.msc from the Run dialog or a command prompt.
- Duplicate the Web Server template: In the Certificate Templates Console, find the "Web Server" template. Right-click it and select "Duplicate Template". In the duplication window, choose "Windows Server 2003 Enterprise" for backward compatibility, or "Windows Server 2008" if all clients are newer.
- General tab: In the "Properties of New Template" dialog, go to the "General" tab and assign a new name to the template, e.g., "Wildcard SSL Certificate".
- Compatibility tab: Under the "Compatibility" tab, set "Certification Authority" to the lowest Windows Server version running in your environment. Do the same for "Certificate recipient".
- Request Handling tab: Go to the "Request Handling" tab and ensure "Allow private key to be exported" is checked. This matters for SSL certificates because you may need to install the same certificate on multiple servers.
- Subject Name tab: In the "Subject Name" tab, select "Supply in the request". With this setting the CSR (Certificate Signing Request) determines the subject name, which is what a wildcard certificate needs.
- Extensions tab: Go to the "Extensions" tab and make sure "Server Authentication" is listed under "Application Policies".
- Security tab: Under the "Security" tab, add the users or groups that should have permission to enroll for the certificate. Typically you would grant "Enroll" to "Authenticated Users" or to a specific group that manages certificates.
- Apply the changes: Click "OK" to save the template.
- Publish the new template in AD CS: Open the Certification Authority console by running certsrv.msc. Right-click "Certificate Templates", choose "New", then "Certificate Template to Issue". In the "Enable Certificate Templates" dialog, select the template you created ("Wildcard SSL Certificate") and click "OK".
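Once the template is published, the settings chosen in the GUI above can be read back from Active Directory and checked in one pass. This is an added example, not part of the original guide; it assumes the ActiveDirectory RSAT module is installed, that you run it as a domain user with read access to the Configuration partition, and that the template display name matches the one used above.

```powershell
# Added example: verify the wildcard template as stored in AD (not from the original guide).
# Assumes the ActiveDirectory module; $TemplateName is the display name chosen in the General tab.
Import-Module ActiveDirectory

$TemplateName = 'Wildcard SSL Certificate'
$cfgNC   = (Get-ADRootDSE).configurationNamingContext
$pkiBase = "CN=Public Key Services,CN=Services,$cfgNC"

# Flag bits and OIDs as documented in MS-CRTD / RFC 5280
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1    # in msPKI-Certificate-Name-Flag ("Supply in the request")
$CT_FLAG_EXPORTABLE_KEY            = 0x10   # in msPKI-Private-Key-Flag ("Allow private key to be exported")
$OID_SERVER_AUTH = '1.3.6.1.5.5.7.3.1'      # Server Authentication EKU
$EnrollRightGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right

$tpl = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
    -LDAPFilter "(&(objectClass=pKICertificateTemplate)(displayName=$TemplateName))" `
    -Properties displayName,msPKI-Certificate-Name-Flag,msPKI-Private-Key-Flag,pKIExtendedKeyUsage,nTSecurityDescriptor
if (-not $tpl) { throw "Template '$TemplateName' not found in $cfgNC" }

$suppliesSubject = ($tpl.'msPKI-Certificate-Name-Flag' -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
$exportable      = ($tpl.'msPKI-Private-Key-Flag'      -band $CT_FLAG_EXPORTABLE_KEY) -ne 0
$serverAuth      = $tpl.pKIExtendedKeyUsage -contains $OID_SERVER_AUTH

# Security tab: principals holding an Allow ACE for the Enroll extended right
$enrollers = $tpl.nTSecurityDescriptor.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.ObjectType -eq $EnrollRightGuid } |
    Select-Object -ExpandProperty IdentityReference

# certsrv.msc step: CAs whose certificateTemplates attribute lists this template's CN
$publishedOn = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    Where-Object { $_.certificateTemplates -contains $tpl.Name } |
    Select-Object -ExpandProperty Name

[pscustomobject]@{
    Template             = $tpl.displayName
    SubjectFromRequest   = $suppliesSubject   # expected $true per the Subject Name tab
    PrivateKeyExportable = $exportable        # expected $true per the Request Handling tab
    ServerAuthEKU        = $serverAuth        # expected $true per the Extensions tab
    EnrollGrantedTo      = ($enrollers -join ', ')
    PublishedOnCA        = ($publishedOn -join ', ')
}
```

Review EnrollGrantedTo together with SubjectFromRequest: when "Authenticated Users" holds Enroll on a template that takes its subject from the request, every domain principal can obtain a certificate for a name of its own choosing, so a dedicated certificate-management group is the safer choice of the two the guide offers.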