Previous Topic: Enable Active Directory SSL with Active Directory in Windows 2008 (Optional)Next Topic: Prepare Enterprise Management Server to connect to Active Directory SSL


Configure Automatic Certificate Allocation from an Enterprise Certificate Authority

You can use auto-enrollment to install computer certificates. For the automatic allocation of computer certificates, configure the Group Policy on the Active Directory domain.

Follow these steps:

  1. On the domain controller, open the Active Directory Users and Computers console.
  2. Double-click Active Directory Users and Computers, right-click your CA domain name, and click Properties.
  3. On the Group Policy tab, click Default Domain Policy and Edit.
  4. Navigate to Computer Configuration, Windows Settings, Security Settings, Public Key Policies, Automatic Certificate Request Settings.
  5. Right-click Automatic Certificate Request Settings.
  6. Select New, and click Automatic Certificate Request.

    The Automatic Certificate Request wizard opens.

  7. Click Next.
  8. In Certificate templates, click Computer and Next.

    Your enterprise root CA appears on the list.

  9. Click CA, Next, and Finish.

    You can now import certificates into Enterprise Management. To create a computer certificate for the CA computer, type the following command at the command prompt:

    gpupdate /target:Computer.