The administrator of a certification authority (CA) can manage certificate enrollment by:

  • Configuring certificate enrollment and autoenrollment options on certificate templates. For more information, see Issuing Certificates Based on Certificate Templates (https://go.microsoft.com/fwlink/?LinkId=142333).

  • Enabling certificate autoenrollment options in Group Policy. For more information, see Configure Certificate Autoenrollment.

  • Configuring the default request handling options for the CA. For more information, see Set the Default Action Upon Receipt of a Certificate Request.

    Note

    You can specify whether a stand-alone CA will hold incoming certificate requests as pending or automatically issue the certificate. In most cases, for security reasons, all incoming certificate requests to a stand-alone CA should be marked as pending.

  • Selecting whether to allow certificates to be published to the file system. Actual publication will only occur if the certificate request specifies a file system location where the certificate is to be published. For more information, see Publish Certificates to the File System.

  • Evaluating and acting on pending certificate requests. For more information, see Review Pending Certificate Requests.

Additional references


Table Of Contents