Certificates can be requested by any subject that has at least Read and Enroll permissions for the corresponding certificate template. In some cases, the administrator may want to place some restrictions on the process that occurs after a certificate request is made. This gives the administrator control of what certificates are issued and how the issuance process is implemented. This type of restriction is known as an issuance policy (also known as an enrollment or certificate policy). Issuance policies can contain requirements for certificate manager approval, multiple authorized signature requirements, and whether application and issuance policies should be implemented for this certificate. For more information, see Application Policy.
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To modify an issuance policy |
-
Open the Certificate Templates snap-in.
-
In the details pane, right-click the certificate template that you want to change, and then click Properties.
-
Click the Issuance Requirements tab.
-
Provide the requested information.
-
Click Apply.
Additional considerations
- This procedure is applicable to version 2 and
version 3 certificate templates. For more information, see Certificate Template
Versions.