The administrator of a certification authority (CA) can manage certificate enrollment by:
-
Configuring certificate enrollment and autoenrollment options on certificate templates. For more information, see Issuing Certificates Based on Certificate Templates (
https://go.microsoft.com/fwlink/?LinkId=142333 ).
-
Enabling certificate autoenrollment options in Group Policy. For more information, see Configure Certificate Autoenrollment.
-
Configuring the default request handling options for the CA. For more information, see Set the Default Action Upon Receipt of a Certificate Request.
Note You can specify whether a stand-alone CA will hold incoming certificate requests as pending or automatically issue the certificate. In most cases, for security reasons, all incoming certificate requests to a stand-alone CA should be marked as pending.
-
Selecting whether to allow certificates to be published to the file system. Actual publication will only occur if the certificate request specifies a file system location where the certificate is to be published. For more information, see Publish Certificates to the File System.
-
Evaluating and acting on pending certificate requests. For more information, see Review Pending Certificate Requests.