Network Device Enrollment (NDE) allows using multiple CA templates for issuing certificates. This article describes the process of configuring support for additional CA templates.
- Create the new CA template object
- Create a certificate credential from a certificate signed by the CA you are going to use (either upload a certificate or link to an existing on in the policy tree)
- Navigate to the platforms tree
- Click on the Engine object (the name of the director server)
- Click on the Rules tab
- Enable the option 'Support Additional CAs configured on policies'
- Click the Add button
- Choose the location you want to store these new certs from the new CA
- In the pop up window add a string to be used to append to the url in the request. i.e. (for Redhat we have used Redhat, thus the url would be http://director/vedscep/redhat)
- Choose the CA template object
- Choose the RA certificate credential object
- Click Ok
- Restart the IIS service
Note: The NDE rules are calculated for evaluation when the IIS service is started, therefore any changes made to the rules/configuration requires that the IIS service be restarted or the app pool must time out before these take effect. The app pool will time out in about 15 minutes if nobody is using the web service.