Certificate Templates to copy for DirectAccess use RRS feed

  • Question

  • We have a full internal CA infrastructure running on Windows Server.  I want to issue both the server certificate and client certificates from the internal CA.  I never use the default templates in PKI, instead I copy one and then modify it as needed and make it available.  With that being said should the client certificate be a copy of the Workstation Authentication certificate template or the Computer certificate template.  Also, the server will require a certificate based off the Web Server certificate template, correct?

    Thanks in advance!

    Thursday, June 16, 2016 7:00 PM

All replies

  • Hi,

    Computer certificate Template would be perfect.

    BenoitS - Simple by Design

    • Proposed as answer by BenoitSMVP Sunday, June 19, 2016 11:00 AM
    Sunday, June 19, 2016 11:00 AM
  • Will Workstation Authentication certificate template work and what about the server certificate?
    Monday, June 20, 2016 1:51 PM
  • On most deployments I do the following to enhance security

    DA Client - Workstation Template (Duplicate)

    DA Server - Computer Template (Duplicate)

    Works well on a large number of deployments. We have discussed with MSFT that perhaps the documentation could be updated to reflect this

    John Davies

    Thursday, August 4, 2016 2:06 PM