Active Directory Certificate Services (AD CS) provides these versions of certificate templates that are available on enterprise certification authorities (CA).
Version 1 certificate templates
Version 1 certificate templates support general certificate needs and provide compatibility with clients and issuing CAs running Windows 2000 operating systems. Version 1 templates are installed by default during CA setup and cannot be deleted. The only property that can be modified on a version 1 template is the set of assigned permissions that controls access to the template.
Enrollment options
- Automatic enrollment
- Custom scripts
- Automatic certificate request settings in Group Policy can be used only for computer certificates
- Custom scripts
- Manual enrollment
- Certificates snap-in
- CA Web enrollment pages
- Certificates snap-in
Template availability
- Windows Server 2008 R2, all editions
- Windows Server 2008, all editions
- Windows Server 2003 R2, all editions
- Windows Server 2003, all editions
- Windows 2000 Server, all editions
Version 2 certificate templates
Version 2 certificate templates were introduced in Windows Server 2003 and can be configured by an administrator to control the way certificates are requested, issued, and used. Version 2 templates provide support for certificate autoenrollment.
Enrollment options
- Automatic enrollment
- Autoenrollment in Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Professional
- Custom scripts
- Autoenrollment in Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Professional
- Manual enrollment
- Certificate Enrollment Wizard
- CA Web enrollment pages
- Certificate Enrollment Wizard
Template availability
- Windows Server 2008 R2, all editions
- Windows Server 2008, Enterprise and Datacenter editions
- Windows Server 2003 R2, Enterprise and Datacenter editions
- Windows Server 2003, Enterprise and Datacenter editions
Version 3 certificate templates
In addition to version 2 template features and autoenrollment, version 3 certificate templates provide support for Suite B cryptographic algorithms. Suite B was created by the U.S. National Security Agency to specify cryptographic algorithms that must be used by U.S. government agencies to secure confidential information.
Template availability
- Windows Server 2008 R2, all editions
- Windows Server 2008, Enterprise and Datacenter editions