Most organizations want auto-enrolment of certain certificate templates, while still having MIM CM capabilities. In the following example, The Financial Company will use the EFS certificate for enrolment and recovery.
The first step in this process is to set up the certificate template. We will navigate to the CA to duplicate the Basic EFS template, as depicted in the following screenshot:
In the template screen, enter the following information:
The General tab:
    Template Display Name: Archive EFS
    Validity Period: 2 years
    Renewal Period: 6 weeks
    Publish certificate in Active Directory: Enabled
    Do not automatically re-enrol if a duplicate certificate exists in Active Directory: Enabled
    Leave all the other settings at default values
The Request Handling tab:
    Archive subject's encryption private key: Enabled
    Leave all the other settings at default values
The Subject Name, Server, Issuance Requirements, and Extensions tabs:
    Leave all the settings...
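One way to confirm that a published template carries the General and Request Handling settings listed above is to read its attributes from Active Directory. The following PowerShell is an added example, not part of the original text: the function names and the sample attribute values are constructed for illustration, and the expected day counts (730 and 42) assume the console stores a year as 365 days.

```powershell
# Flag bits as defined in the MS-CRTD certificate template specification.
$ArchiveKey  = 0x1    # msPKI-Private-Key-Flag: CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL
$PublishToDs = 0x8    # msPKI-Enrollment-Flag:  CT_FLAG_PUBLISH_TO_DS
$CheckDsCert = 0x10   # msPKI-Enrollment-Flag:  CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE

function ConvertFrom-PkiPeriod([byte[]]$Bytes) {
    # pKIExpirationPeriod / pKIOverlapPeriod hold a negative count of 100 ns ticks.
    $ticks = [BitConverter]::ToInt64($Bytes, 0)
    [TimeSpan]::FromTicks(-$ticks)
}

function ConvertTo-PkiPeriod([int]$Days) {
    # Helper used only to build the constructed sample below.
    [BitConverter]::GetBytes(-([TimeSpan]::FromDays($Days).Ticks))
}

function Test-ArchiveEfsTemplate($Template) {
    $keyFlag    = [int]$Template.'msPKI-Private-Key-Flag'
    $enrollFlag = [int]$Template.'msPKI-Enrollment-Flag'
    $result = [pscustomobject]@{
        Template             = $Template.displayName
        KeyArchival          = [bool]($keyFlag -band $ArchiveKey)
        PublishToAD          = [bool]($enrollFlag -band $PublishToDs)
        NoReenrolIfDuplicate = [bool]($enrollFlag -band $CheckDsCert)
        ValidityDays         = (ConvertFrom-PkiPeriod $Template.pKIExpirationPeriod).TotalDays
        RenewalDays          = (ConvertFrom-PkiPeriod $Template.pKIOverlapPeriod).TotalDays
    }
    # Compliant only when every setting from the list above is present.
    $ok = $result.KeyArchival -and $result.PublishToAD -and $result.NoReenrolIfDuplicate -and
          $result.ValidityDays -eq 730 -and $result.RenewalDays -eq 42
    $result | Add-Member -NotePropertyName Compliant -NotePropertyValue $ok -PassThru
}

# Constructed sample standing in for the AD object, so the check runs offline.
$sample = [pscustomobject]@{
    displayName              = 'Archive EFS'
    'msPKI-Private-Key-Flag' = 0x11    # archival + exportable key (constructed)
    'msPKI-Enrollment-Flag'  = 0x39    # constructed value with 0x8 and 0x10 set
    pKIExpirationPeriod      = ConvertTo-PkiPeriod 730
    pKIOverlapPeriod         = ConvertTo-PkiPeriod 42
}
Test-ArchiveEfsTemplate $sample

# Against a live forest (requires the ActiveDirectory module):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#         (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -LDAPFilter '(displayName=Archive EFS)' -Properties * |
#     ForEach-Object { Test-ArchiveEfsTemplate $_ }
```

Because key archival places users' private encryption keys in the CA database, a template reported with KeyArchival set to False, or an unexpected template reporting True, is worth reviewing before certificates are issued.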