How to: Use NDE to enroll from more than one CA template


Network Device Enrollment (NDE) allows using multiple CA templates for issuing certificates. This article describes the process of configuring support for additional CA templates.

More info:

  1. Create the new CA template object
  2. Create a certificate credential from a certificate signed by the CA you are going to use (either upload a certificate or link to an existing on in the policy tree)
  3. Navigate to the platforms tree
  4. Click on the Engine object (the name of the director server)
  5. Click on the Rules tab
  6. Enable the option 'Support Additional CAs configured on policies'
  7. Click the Add button
  8. Choose the location you want to store these new certs from the new CA
  9. In the pop up window add a string to be used to append to the url in the request. i.e. (for Redhat we have used Redhat, thus the url would be http://director/vedscep/redhat)
  10. Choose the CA template object
  11. Choose the RA certificate credential object
  12. Click Ok
  13. Restart the IIS service


Note: The NDE rules are calculated for evaluation when the IIS service is started, therefore any changes made to the rules/configuration requires that the IIS service be restarted or the app pool must time out before these take effect. The app pool will time out in about 15 minutes if nobody is using the web service.

Was this article helpful?
0 out of 0 found this helpful