0

I installed a machine with Active Directory Certificate Services (Enterprise Internal Root Authority). The machine is installed as Server Core with minimal roles, so Web service for CA is not installed.

I need a certificate for RDS server machines. The template for this certificate allow to specify Subject Alternate Name to account of different DNS names of the machines. So the certificate request need to be approved before certificate is issued.

I requested a certificate for a RD server from Certificate (Local Machine) MMC snap-in. The request appear in CA SMMC snap-in where I can approve. Once approved, how the certificate is supposed to be delivered and installed in the requesting machine?

unlikely
  • 173
  • 2
  • 9

1 Answers1

0

Option 1: On target machine (where you generated the request) open Certificates MMC, select root node, right-click, all tasks - Automatically Enroll and Retrieve certificates option.

Option 2: if certificate autoenrollment policy is enabled in Group Policies, run the following command in an elevated command prompt:

certutil -pulse
Crypt32
  • 6,639
  • 1
  • 15
  • 33
  • For Option 2 the policy you are advising is the one under "Computer Configuration \ Windows Settings \ Security Settings \ Public Key Policy" and is "Certificate Service Client - Auto Enrollment" ? – unlikely Nov 09 '17 at 16:00
  • Yes, I recommend to enable this policy always. – Crypt32 Nov 09 '17 at 16:43