What are the minimum rights required to do a CA import

Applies To:

Venafi Encryption Director 11.0 and above


You can import certificates based on the issuing Certificate Authority. After the import is configured, all certificates issued by a specified Certificate Authority will be identified, then placed into policies that you designate.


Minimum rights required to do a CA import:

  1. Create an Active Directory service account for Director to use when requesting certificates from Microsoft CA.
  2. Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
  3. On the Security tab, grant the service account 'Read' and 'Request Certificates'.


  1. Using the Certificate Templates MMC snap-in, right-click on a template that Director will request certificates from and select Properties.
  2. On the Security tab, grant the service account 'Read'.


  1. Repeat this step for all templates that Director will enroll or import.


Was this article helpful?
1 out of 1 found this helpful