Windows Server 2012: Certificate Template Versions and Options – TechNet Articles – United States (English)

Applies to Windows Server 2012

Windows Server 2012 introduces changes to the certificate template versions and the certificate template properties options.

  • The procedure for duplicating certificate templates has changed
  • There is a new type of certificate template version (version 4) that has several new options

These changes are discussed in this article in the following sections.


Duplicating Certificate Templates

When duplicating a certificate template in Windows Server 2012, you do not select a template version as described in Create a New Certificate Template. Instead, a Compatibility tab is shown when a certificate template is duplicated.

The Compatibility tab helps to configure the options that are available in the certificate template. The options available in the certificate template properties change depending on the operating system versions that are selected for the certification authority (CA) and the certificate recipient. For example, if the configured CA is Windows Server 2008 R2 and the configured certificate recipient is Windows 7 / Server 2008 R2, the option to Renew with the same key would be unavailable.

 Warning
Once you click OK or Apply, you are saving the template and its version. The template version (schema) cannot be modified after that.

The Show resulting changes checkbox allows you to control whether the Resulting changes dialog box is shown. The Resulting changes dialog box shows which options are removed or added based on a change to the certification authority or certificate recipient operating system version.

The Compatibility tab does not have a restrictive effect on version 1, version 2, or version 3 templates, as indicated by the statement: "These settings may not prevent earlier operating systems from using this template." The Compatibility tab provides a method for administrators to configure an operating system combination and then see which options are available for that combination. For version 4 templates, the Compatibility tab reflects the operating system version combinations that will participate in certificate enrollment and issuance. Beginning in Windows 8 and Windows Server 2012, certificate clients will respect the operating system versions that are configured in the Compatibility tab.

 Caution
When you set the CA version to Windows Server 2012, you may not see the option to select certificates in Windows 7 or Windows Server 2008 over Certificate Enrollment Web Services. To resolve this issue, you can set the template to show a Windows Server 2008 R2 CA, even if it is actually a Windows Server 2012 CA. For more information, see Certificate Templates Not Available for Windows 7 and Windows Server 2008 R2 Certificate Recipients using Certificate Enrollment Web Services.


Certificate Template Schema Versions

The settings that you configure on the Compatibility tab and in the certificate template properties determine the certificate template schema version that is created when the template is saved. The logic for determining the certificate template schema version that is created is as follows:

  1. If the CA operating system is Windows Server 2012 and the certificate recipient operating system is Windows 8, then a version 4 certificate template schema version is created.
  2. If the CA operating system is earlier than Windows Server 2012 or the certificate recipient is earlier than Windows 8, then a certificate template schema version 4 template is not created. The type of template created depends on the cryptographic provider that is selected:
    • If a cryptographic service provider (CSP) is selected, then a certificate template schema version 2 is created.
    • If a key storage provider (KSP) is selected, then a certificate template schema version 3 is created.

Notes

  • For information about version 1, 2, and 3 certificate templates, see Certificate Template Versions
  • For information about certificate template properties options present in previous operating system versions, see the following resources:
    • Windows Server 2008 R2: Configuring a Certificate Template
    • Windows Server 2008: Administering Certificate Templates
    • Windows Server 2003: Certificate Template Overview


Version 4 Certificate Templates

The new features that version 4 certificate templates include are:

  • Renew with the same key
  • Support for both CSP and KSP as well as the ability to order providers in order of preference
  • Allow key-based renewal
  • Enable requestor specified issuance
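
The following added example (not part of the original article or of any Microsoft tooling) models the schema-version rule from the previous section together with the version 4 options listed above, and flags planned templates that ask for a version 4 option but would be saved as version 2 or 3. The operating system labels, their ordering, the template names and the function names are assumptions made for illustration.

```python
# Added example: models the schema-version rule and the version 4 option list.
# The OS labels and their ordering below are assumptions for illustration.
CA_OS = ["Windows Server 2003", "Windows Server 2008",
         "Windows Server 2008 R2", "Windows Server 2012"]
RECIPIENT_OS = ["Windows XP / Server 2003", "Windows Vista / Server 2008",
                "Windows 7 / Server 2008 R2", "Windows 8 / Server 2012"]
# Two of the options the page lists as new in version 4 templates.
V4_ONLY_OPTIONS = {"Renew with the same key", "Allow key-based renewal"}


def schema_version(ca_os, recipient_os, provider):
    """Schema version created when a duplicated template is saved."""
    ca_rank = CA_OS.index(ca_os)  # ValueError if the label is unknown
    recipient_rank = RECIPIENT_OS.index(recipient_os)
    if provider not in ("CSP", "KSP"):
        raise ValueError(f"unknown provider type: {provider!r}")
    # Rule 1: Windows Server 2012 CA and Windows 8 recipient -> version 4.
    if ca_rank == len(CA_OS) - 1 and recipient_rank == len(RECIPIENT_OS) - 1:
        return 4
    # Rule 2: either side is earlier, so the provider type decides.
    return 2 if provider == "CSP" else 3


def review_plan(plan):
    """Return (name, version, options) for templates that need v4 but miss it."""
    findings = []
    for template in plan:
        version = schema_version(template["ca_os"], template["recipient_os"],
                                 template["provider"])
        blocked = sorted(set(template["options"]) & V4_ONLY_OPTIONS)
        if version < 4 and blocked:
            findings.append((template["name"], version, blocked))
    return findings


# Constructed sample plan (hypothetical template names).
PLAN = [
    {"name": "TPM-Workstation", "ca_os": "Windows Server 2012",
     "recipient_os": "Windows 8 / Server 2012", "provider": "KSP",
     "options": ["Renew with the same key"]},
    {"name": "Legacy-WebServer", "ca_os": "Windows Server 2008 R2",
     "recipient_os": "Windows 7 / Server 2008 R2", "provider": "CSP",
     "options": ["Renew with the same key", "Allow key-based renewal"]},
]

if __name__ == "__main__":
    for name, version, blocked in review_plan(PLAN):
        print(f"{name}: saves as v{version}; unavailable: {', '.join(blocked)}")
```

Because the schema version cannot be modified once the template is saved, a check like this is only useful before clicking OK or Apply.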

Renew with the same key

Windows Server 2012 introduces the option to Renew with the same key on the Request Handling tab of the certificate template properties.

When Renew with the same key is selected, renewing with the same key is enforced. Renewal with the same key allows the same assurance level of the original key to be maintained throughout its lifecycle.

Windows Server 2012 supports generating Trusted Platform Module (TPM)-protected keys using TPM-based key storage providers (KSPs). The benefit of using a TPM-based KSP is true non-exportability of keys, backed by the anti-hammering mechanism of TPMs. Administrators can configure certificate templates so that Windows 8 and Windows Server 2012 give higher priority to TPM-based KSPs for generating keys (as described in the Support for CSPs, KSPs, and provider ordering section). Using renewal with the same key, administrators can remain assured that the key still remains on the TPM after renewal.
