Applies To:
Venafi Encryption Director 8.0 and above
Microsoft Windows 2003 and above
Summary:
Below are the required steps to set up the Microsoft CA Template object so VenafiTM Encryption Director can initiate and auto-enroll and new certificate and key generation requests with the Microsoft Certificate Services CA.
Minimum rights required to setup an MSCA:
- Create an Active Directory service account for Director to use when requesting certificates from Microsoft CA.
- Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
- On the Security tab, grant the service account 'Read', 'Issue and Manage Certificates', and 'Request Certificates'.
- Using the Certificate Templates MMC snap-in, right-click on a template that Director will request certificates from and select Properties.
- On the Security tab, grant the service account 'Read' and 'Enroll'.
- Repeat this step for all templates that Director will be using.
Comments