Requirements Template Issuing CA.
To configure the certificate template
- On the IssuingCA, in Server Manager, click Tools, and then click Certification Authority. The Certification Authority Microsoft Management Console (MMC) opens.
- In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.
- The Certificate Templates console opens. All of the certificate templates are displayed in the details pane.
- In the details pane, click the Workstation Authentication template.
- Click the Action menu, and then click Duplicate Template. The template Properties dialog box opens.
- Click the Security tab.
- On the Security tab, in Group or user names, click Domain Computers (or specifically the OSX Domain Computers joined Security Group, and add the Managed Service Account, for example Service account: svc_macdeploycert and give Allow and Enroll permissions.
- Go Back to the General Tab and Give the Template the name: OSX_Client and give the Validity 5 Year Validity (for phasing out old computers, revoke as needed).
- Under Subject Name Select Build This From Active Directory, Select Common Name in the Dropdown Box, and select the following two items.
- DNS Name
- SPN Suffix
- Under Compatabillity keep it at Server 2003 / Windows XP - 2003
- Click Apply and OK
- In the Certification Authority MMC, click Certificate Templates. On the Action menu, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens. Select the Workstation template en click ok.
Add the Template via Certificate Templates > Right Mouse > New > Certificate Template to Issue and Select the OSC_Client Certificate Template.