WolfTech Domain Admins have implemented a subordinate Microsoft Enterprise CA into the WolfTech Active Directory domain. The subordinate CA certificate was issued by the NCSU standalone CA.
The Windows Enterprise subordinate CA will be used to issue certificates, with various functions, to computers and users. Thus it is also considered an issuing CA. It is perpetually on the network, unlike the standalone CA, which is not on the network.
When we set it up, we configured the CAPolicy file as follows:
———————————–[Version] Signature=”Windows NT$” [CRLDistributionPoint] url=http://www.ncsu.edu/crl/NorthCarolinaStateUniversityEnterpriseCA.crl [AuthorityInformationAccess] url=http://www.ncsu.edu/crl/NorthCarolinaStateUniversityEnterpriseCA.crt [certsrv_server] LoadDefaultTemplates=False
The last line prevents the CA installation from publishing all the default certificate templates.