Configure the Certificate Authority for NDES

After installing AD CS and deploying an enterprise CA, you now need to configure it for use with NDES. You have one domain administrator account acting as a service account and must create an NDES user acting as the application pool account.

Create the NDES application pool user and assign it to IIS_IUSRS

1. Go to Start > Administrative Tools > Server Manager, and select [Tools].
2. Select [Active Directory Users and Computers].
3. Expand your domain name and right-click Users.
4. Select New > User.
5. Give your NDES user a name and select [Next].
6. Specify a password for the NDES user and select [Next]. Then, select [Finish].
7. Right-click the user you just created and select [Add to a group].
8. In the Enter the object names to select box, type IIS_IUSRS and select [OK].
9. Right-click your NDES user and select [Properties].
10. Go to the Member Of tab and verify the user is added to the IIS_IUSRS group.

Create the NDES certificate template

1. Go to Start > Administrative Tools > Server Manager, and select [Tools].
2. Select [Certification Authority].
3. On the left toolbar, expand your domain and right-click Certificate Templates. Then, select [Manage].
4. Locate the Web Server certificate template. Right-click and select [Duplicate Template].
5. In General, give the certificate template a name (for example, NDES Encryption).
6. In Subject Name, select Supply in the request.
7. In Extensions, select Application Policies > Edit and add both Client Authentication and Server Authentication.
8. In Security, select [Add].
9. In the Enter the object names to select box, enter the name of your NDES application pool user and select [OK].
10. Give your NDES application pool user Read and Enroll permissions to the certificate.
11. Give your NDES service account Full Control.
12. In Request Handling, set the purpose to Signature and encryption.
13. Select the options Include symmetric algorithms allowed by the subject and Allow private keys to be exported.
14. Select [Apply] to save your changes, and then select [OK].

Deploy the NDES certificate

1. Go to Start > Administrative Tools > Server Manager and select [Tools].
2. Select [Certification Authority].
3. Expand your domain on the left toolbar and right-click Certificate Templates. Then, select New > Certificate Template to Issue.
4. Select your NDES certificate you just created and select [OK].

For more information on installing and configuring Active Directory Certificate Services NDES, refer to the Microsoft documentation.
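
To confirm the template and its permissions ended up as the steps above describe, the following read-only PowerShell check reads the template object from Active Directory. It is an added example, not part of the original procedure or of Microsoft's tooling; the template display name and the `CONTOSO\ndes-pool` account are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example: read-only verification of the NDES template. Requires the RSAT
# ActiveDirectory module. Both values below are placeholders for your own names.
Import-Module ActiveDirectory
$TemplateDisplayName = 'NDES Encryption'    # example name used in the steps
$NdesAppPoolUser     = 'CONTOSO\ndes-pool'  # placeholder: DOMAIN\user of the app pool account

$pkiBase = "CN=Public Key Services,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
$tpl = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
    -Filter "displayName -eq '$TemplateDisplayName'" `
    -Properties 'msPKI-Certificate-Name-Flag', 'msPKI-Private-Key-Flag', 'pKIExtendedKeyUsage'
if (-not $tpl) { throw "Template '$TemplateDisplayName' not found in AD" }

# Principals holding the Certificate-Enrollment extended right, directly or
# through all-extended-rights / Full Control (ObjectType is then the empty GUID).
$enrollRight = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$enrollers = (Get-Acl -Path "AD:\$($tpl.DistinguishedName)").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        "$($_.ActiveDirectoryRights)" -match 'ExtendedRight|GenericAll' -and
        $_.ObjectType -in @($enrollRight, [guid]::Empty)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

# CAs that list the template in certificateTemplates, i.e. issue it.
$issuingCAs = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter "(&(objectClass=pKIEnrollmentService)(certificateTemplates=$($tpl.Name)))"

$checks = [ordered]@{
    'Subject name: Supply in the request'       = [bool]($tpl.'msPKI-Certificate-Name-Flag' -band 0x1)
    'Application policy: Client Authentication' = $tpl.pKIExtendedKeyUsage -contains '1.3.6.1.5.5.7.3.2'
    'Application policy: Server Authentication' = $tpl.pKIExtendedKeyUsage -contains '1.3.6.1.5.5.7.3.1'
    'Allow private keys to be exported'         = [bool]($tpl.'msPKI-Private-Key-Flag' -band 0x10)
    'NDES application pool user can enroll'     = $enrollers -contains $NdesAppPoolUser
    'Template published on a CA'                = [bool]$issuingCAs
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# Because the requester supplies the subject, every enroller should be expected.
'Principals that can enroll:'; $enrollers | ForEach-Object { "  $_" }
```

The enroller list will normally include the built-in administrative groups and the NDES service account with Full Control; any broader group in that list deserves a second look, since this template accepts a subject name supplied in the request.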