Venafi Encryption Director 11.0 and above
You can import certificates based on the issuing Certificate Authority. After the import is configured, all certificates issued by a specified Certificate Authority will be identified, then placed into policies that you designate.
Minimum rights required to do a CA import:
- Create an Active Directory service account for Director to use when requesting certificates from Microsoft CA.
- Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
- On the Security tab, grant the service account 'Read' and 'Request Certificates'.
- Using the Certificate Templates MMC snap-in, right-click on a template that Director will request certificates from and select Properties.
- On the Security tab, grant the service account 'Read'.
- Repeat this step for all templates that Director will enroll or import.