What are the minimum rights required to setup an MSCA

Applies To:

Venafi Encryption Director 8.0 and above

Microsoft Windows 2003 and above


Below are the required steps to set up the Microsoft CA Template object so VenafiTM Encryption Director can initiate and auto-enroll and new certificate and key generation requests with the Microsoft Certificate Services CA.

Minimum rights required to setup an MSCA:

  1. Create an Active Directory service account for Director to use when requesting certificates from Microsoft CA.
  2. Using the Certificate Authority MMC snap-in, right-click on the CA's name and select Properties.
  3. On the Security tab, grant the service account 'Read', 'Issue and Manage Certificates', and 'Request Certificates'.


  4. Using the Certificate Templates MMC snap-in, right-click on a template that Director will request certificates from and select Properties.
  5. On the Security tab, grant the service account 'Read' and 'Enroll'.


  6. Repeat this step for all templates that Director will be using.



Was this article helpful?
0 out of 0 found this helpful