Certificate autoenrollment group policy windows 2008

Windows Server TechCenter. Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Archived Forums. Sign in to vote. I need to document validate several things before I can close my project. How often is the revocation list updated? Where do I check that? Friday, September 30, PM. Tuesday, October 4, PM. Item 1: revocation Using the mmc ca snapin. Item 2: crl update That is upto you and how you design your pki.

Item 3: Autoenrollment You can test autoenrollment by enabling a template for autoenrollment. Saturday, October 1, AM. Monday, October 3, PM. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Ask Question. Asked 9 years, 5 months ago. Active 5 years, 10 months ago. Viewed 6k times. Update: I tried the site MarkHenderson linked , which is promising, and offers much better certificate manageability, buts still doesn't quite get there.

Improve this question. HopelessN00b HopelessN00b 53k 31 31 gold badges silver badges bronze badges. Add a comment. Active Oldest Votes. Improve this answer. Mark Henderson Mark Henderson I bow to your superior Google-Fu, and will try this tomorrow. Almost brilliant, dammit. Cannot revoke a "time valid" issued or revoked certificate because certserv won't let you.

So I guess I'm taking the server offline-ish, jumping the clock ahead a couple years and then trying this. Paul Ackerman Paul Ackerman 2, 15 15 silver badges 23 23 bronze badges. Already got a mess in AD, thanks to the last However, I realized that on the machine template you didn't add the fully distinguished name on the Subject tab. This was causing me issues in order to authenticate a device with ISE. Thanks for the video. Thank you for sharing. SCEP is usually used by network devices or capable server.

Computer should be joined to domain and get its certificate via GPO. Non-domain computer can request a cert through the web. You should only need CA role but it does not hurt to install the web enrollment. You need to make sure the Windows version is enterprise as well as the CA being an enterprise and not standalone CA.

You can see how the CA was installed and configured on our cert videos. I follow this guide but the certs are not being pushed to the computer nor the users.