Create Certificate Template

This task creates a certificate template named Operations Manager that can be issued from the Windows Server 2008 certification authority web enrollment page. The certificate template supports Server Authentication (OID 1.3.6.1.5.5.7.3.1) and Client Authentication (OID 1.3.6.1.5.5.7.3.2), and enables the name to be manually entered rather than auto-generated from Active Directory because the Edge Transport will not be an Active Directory domain member.

The steps to create the security template follow:

1. Log on to CA, which is DC1.companyxyz.com in this example.

2. Launch Server Manager.

3. Expand Roles, Active Directory Certificate Services, and select Certificate Templates (fqdn).

4. Right-click the Computer template and select Duplicate Template.

5. Leave the version at Windows 2003 Server, Enterprise Edition and click OK.

6. In the General tab in the Template display name, enter Operation Manager.

7. Select the Request Handling tab and mark the Allow Private Key to Be Exported option.

8. Select the Subject Name tab and select Supply in the request. Click OK at the warning.

9. Select the Security tab, select Authenticated Users, and select the Enroll check box.

10. Click OK to save the template.

11. Select the Enterprise PKI to expose the CA.

12. Right-click the CA and select Manage CA.

13. In the certsrv console, expand the CA, right-click the Certificates Templates, and select New, Certificate Template to Issue.

14. Select the Operations Manager certificate template and click OK.

The new Operations Manager template is now available in the Windows Server 2008 web enrollment page.