Install and bind the certificate on the NDES Server
This section covers the following tasks:
- Install the NDES certificate.
- Bind the NDES certificate in IIS.
- Configure request filtering.
- Bind the certificate in the registry.
Install the NDES certificate
On the NDES server, open the Windows search bar and look for certlm.msc. Open it.
In the left toolbar, right-click Personal and select All Tasks > Request New Certificate.
On the Select Certificate Enrollment Policy page, select [ Active Directory Enrollment Policy ]. Select [ Next ].
Select the NDES certificate created earlier and select [ More information is required to enroll for this certificate. Click here to configure Settings ].
On the Certificate Properties page, make the following changes:
- For Subject Name, select [ Common Name ] and enter the Fully Qualified Domain Name of your NDES server. Then, select [ Add ].
- For Alternate Name, select [ DNS ] and enter the Fully Qualified Domain Name of your NDES server. Then, select [ Add ].
Select [ Apply ] and then [ OK ]. Then select [ Enroll ].
Bind the NDES certificate in IIS
On the NDES server, open the Windows search bar and look for Internet Information Services (IIS) Manager. Open it.
Expand your Server Name > Sites and then select [ Default Web Site ].
On the right side of the screen, locate Edit Site and select [ Bindings ].
On the Site Bindings page, select [ Add ].
Change the Type to HTTPS and select [ Select ]. Select the NDES certificate you just installed and select [ OK ].
Configure request filtering
On the NDES server, open the Windows search bar and look for Internet Information Services (IIS) Manager. Open it.
Expand your Server Name > Sites and then select [ Default Web Site ].
Locate and select [ Request Filtering ].
On the right side of the screen, locate and select [ Edit Feature Settings ].
Change the Max URL length and Max query string values to 65534. Select [ OK ].
Bind the certificate in the registry
On the NDES server, open the Windows search bar and look for System Registry Editor. Open it.
Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP and locate GeneralPurposeTemplate.
Change the value to the name of your certificate template created for NDES. (Not the display name.)
Close the registry editor and restart the NDES server.
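To confirm the four tasks above took effect after the restart, the following PowerShell check can be run from an elevated session on the NDES server. It is an added example, not part of the original procedure or Microsoft's own tooling. It assumes the WebAdministration module is available, that the server's FQDN resolves through DNS, and an English-language Windows install; `NDES-TEMPLATE-NAME` is a placeholder for your template's name.

```powershell
# Added verification example: checks the certificate, IIS binding, request filtering and MSCEP registry value.
param(
    [string]$TemplateName = 'NDES-TEMPLATE-NAME',   # placeholder: template name, not the display name
    [string]$Fqdn = ([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName),
    [string]$Site = 'Default Web Site'
)
Import-Module WebAdministration

function Test-SanDns($Cert, $Name) {
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName extension
    # Format() output is localized; 'DNS Name=' is the English rendering (assumption).
    [bool]($san -and $san.Format($false) -match "DNS Name=$([regex]::Escape($Name))(,|$)")
}

# 1. Certificate in Local Computer > Personal with the FQDN as Common Name and as a DNS alternate name
$cnPattern = "CN=$([regex]::Escape($Fqdn))(,|$)"
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -match $cnPattern -and (Test-SanDns $_ $Fqdn) -and
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
})
$results = [ordered]@{ 'Certificate installed (CN and DNS SAN = FQDN)' = ($certs.Count -gt 0) }

# 2. The site's HTTPS binding points at one of those certificates
$bound = @(Get-WebBinding -Name $Site -Protocol https |
    Where-Object { $certs.Thumbprint -contains $_.certificateHash })
$results['HTTPS binding uses the NDES certificate'] = ($bound.Count -gt 0)

# 3. Request filtering limits on the site are 65534
$filter = 'system.webServer/security/requestFiltering/requestLimits'
foreach ($name in 'maxUrl', 'maxQueryString') {
    $value = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$Site" -Filter $filter -Name $name).Value
    $results["Request filtering $name = 65534"] = ($value -eq 65534)
}

# 4. MSCEP registry value holds the template name
$mscep = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
$results['GeneralPurposeTemplate = template name'] = ($mscep.GeneralPurposeTemplate -eq $TemplateName)

$results.GetEnumerator() | ForEach-Object {
    '{0,-48} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```

Any line marked CHECK points back to the corresponding task in this section; the script only reads configuration and changes nothing.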
For more information on configuring infrastructure for Intune, refer to the Microsoft documentation.