The General tab contains validity and renewal information for certificates that will be issued based on a certificate template.
The default validity and renewal period settings for certificates issued by Active Directory Certificate Services (AD CS) are designed to meet most security needs. However, you might want to specify different validity and renewal settings, such as shorter lifetime or renewal periods for certificates that are used by certain user groups.
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To modify the validity or renewal period for a certificate template |
-
Open the Certificate Templates snap-in.
-
In the details pane, right-click the certificate template that you want to change, and then click Properties.
-
On the General tab, check the current validity period and renewal period values, modify them as needed, and then click Apply.
The Publish certificate in Active Directory option determines whether information about the certificate template will be made available throughout the enterprise.
The Do not automatically re-enroll if a duplicate certificate exists in Active Directory option is applied when the subject attempts to enroll for a certificate based on this template from a computer running Windows XP or later. With this option, certificate autoenrollment will not submit a re-enrollment request if a duplicate certificate exists in Active Directory Domain Services (AD DS). This allows certificates to be renewed but prevents multiple duplicate certificates from being issued.
The Smart card certificate keys option enables the existing key to be used if a new key cannot be created during renewal of a smart card certificate. This option helps prevent smart card certificate renewal failures that could result when a smart card runs out of disk space.
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To configure certificate publishing in AD DS |
-
Open the Certificate Templates snap-in.
-
In the details pane, right-click the certificate template that you want to change, and then click Properties.
-
On the General tab, select the appropriate Active Directory setting, and then click Apply.