When in need to issue a domain certificate for web application or what ever usage you will need to install the Certificate Authority (CA) role on the domain controller in order to be able to issue as many certificate and for any purpose of your desire. first install the role :
Then you will the service up and running and you should have access by the url : https://your dc/certsrv and in the control panel you will have new link to Certificate Authority.
Now you are ready to add Certificate Template, Right click on “Certificate Templates” -> manage :
From the list of all the templates right click on the template you what and choose duplicate
Now you Will have a new copy of the template you choose , right click and browse through the tabs and set the the template as you wish :
After that you will have ready to issue certificate by the template you setup. Do not for get to add the right permissions :
You should give the “Authenticated Users” the “read & Enroll” allow permissions .
Next add the template to the “Certificate Template” store by right click again on the “Certificate Template” -> New:
And Choose the template you have just configure , now you will be able to enroll and issue certificate accordingly through the MMC -> certificate .
If you want to extend the certificate time period , you can change this settings on the certificate authority at :
In the right pane, double-click ValidityPeriod.
- In the Value data box, type one of the following, and then click OK:
- In the right pane, double-click ValidityPeriodUnits.
- In the Value data box, type the numeric value that you want, and then click OK. For example, type 2 for two years.