How to get and install a certificate (for Remote Desktop Server) from Active Directory Certificate Services after approval of request?

Question

I installed a machine with Active Directory Certificate Services (Enterprise Internal Root Authority). The machine is installed as Server Core with minimal roles, so Web service for CA is not installed.

I need a certificate for RDS server machines. The template for this certificate allow to specify Subject Alternate Name to account of different DNS names of the machines. So the certificate request need to be approved before certificate is issued.

I requested a certificate for a RD server from Certificate (Local Machine) MMC snap-in. The request appear in CA SMMC snap-in where I can approve. Once approved, how the certificate is supposed to be delivered and installed in the requesting machine?

Crypt32 · Accepted Answer · 2017-11-09T19:22:09.083

0

Option 1: On target machine (where you generated the request) open Certificates MMC, select root node, right-click, all tasks - Automatically Enroll and Retrieve certificates option.

Option 2: if certificate autoenrollment policy is enabled in Group Policies, run the following command in an elevated command prompt:

certutil -pulse

edited Nov 09 '17 at 19:22

answered Nov 09 '17 at 14:40

Crypt32

6,639
1
15
33

For Option 2 the policy you are advising is the one under "Computer Configuration \ Windows Settings \ Security Settings \ Public Key Policy" and is "Certificate Service Client - Auto Enrollment" ? – unlikely Nov 09 '17 at 16:00
Yes, I recommend to enable this policy always. – Crypt32 Nov 09 '17 at 16:43

How to get and install a certificate (for Remote Desktop Server) from Active Directory Certificate Services after approval of request?

1 Answers1