PKI Question


  • Hello,

    Question about PKI in a domain.

    In an existing domain there are a couple DC's that have templates for workstation auth used in wireless ad logins.

    They have an existing root-ca that is part of the domain that is not a DC.   The DC's have CA and they have the above templates.

    They setup two new sub's under the root-ca that are part of the domain but are not domain controllers.

    When they choose manage templates on the two new sub's they see the templates but when they try - new cert template to issue the templates they need are not available??  If you choose manage it only shows the DC's and not the new subs.

    Wednesday, May 16, 2018 8:05 PM

All replies

  • This worked to get the cert over -

    C:\Windows\system32>certutil.exe -SetCAtemplates +WorkstationAUTH
    0: WorkstationAUTH: Adding
    CertUtil: -SetCATemplates command completed successfully.

    Wednesday, May 16, 2018 9:34 PM