Certificate templates available from the ECA

Following is a listing of certificate templates currently available from the Indiana University Enterprise Certificate Authority (ECA).

On this page:


IU workstation authentication

Notes:

Certificate template

  • Description: Enables client computers to authenticate their identity to servers
  • Schema version: 2
  • Validity period: 1 year
  • Renewal period: 6 weeks
  • Application policies: Client authentication (1.3.6.1.5.5.7.3.2)
  • Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
  • Cryptography: Minimum key size 2048
  • Possible uses: System Center Configuration Manager authentication and IIS Client Certificate Mapping authentication

IU workstation authentication (offline request)

Notes:

Certificate template

  • Description: Enables client computers to authenticate their identity to servers
  • Schema version: 2
  • Validity period: 1 year
  • Renewal period: 6 weeks
  • Application policies: Client authentication (1.3.6.1.5.5.7.3.2)
  • Subject name: Supply in the request, Subject name format: None, Include this information in alternate subject name: DNS name
  • Cryptography: Minimum key size 2048
  • Issuance requirements: ECA administrator approval
  • Possible uses: System Center Configuration Manager authentication and IIS Client Certificate Mapping authentication

IU SCCM authenticated session

Note:
This template has a separate group for enrolling computers. If you want to add a group that will enroll with this certificate template, contact the ECA administrator.

Certificate template

  • Description: For Mac client computers, for Configuration Manager enrollment: Authenticated Session
  • Schema version: 2
  • Validity period: 1 year
  • Renewal period: 6 weeks
  • Application policies: Client Authentication (1.3.6.1.5.5.7.3.2)
  • Subject name: Build from this Active Directory information, Subject name format: Common name
  • Cryptography: Minimum key size 2048
  • Possible uses: Client authentication of Mac client computers for use with System Center Configuration Manager environments

IU web server

Notes:

Certificate template

  • Description: Proves the identity of a web server
  • Schema version: 2
  • Validity period: 2 years
  • Renewal period: 6 weeks
  • Application policies: Server authentication (1.3.6.1.5.5.7.3.1)
  • Subject name: Supply in the request
  • Cryptography: Minimum key size 2048
  • Issuance requirements: ECA administrator approval
  • Possible uses: Server authentication, web server HTTPS/SSL/TLS, encrypted Remote Desktop services, and appliance/device certificates (e.g., HP iLO, Dell iDRAC/DRAC)

IU IPsec

Notes:
  • All domain-joined computers can enroll with this certificate template.
  • This template has a separate group for auto-enrolling computers. If you would like to add a group of computers that will auto-enroll with this certificate template, contact the ECA administrator.

Certificate template

  • Description: Used by IP security (IPsec) to digitally sign, encrypt and decrypt network communication
  • Schema version: 2
  • Validity period: 2 years
  • Renewal period: 6 weeks
  • Application policies: IP security IKE intermediate (1.3.6.1.5.5.8.2.2)
  • Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
  • Cryptography: Minimum key size 2048
  • Possible uses: Secure and authenticate network traffic before application layer communication begins

IU IPsec (offline request)

Notes:

Certificate template

  • Description: Used by IPsec to digitally sign, encrypt, and decrypt network communication when the subject name is supplied in the request; the Network Device Enrollment Service in Windows Server 2008 uses this template by default for device certificates.
  • Schema version: 2
  • Validity period: 2 years
  • Renewal period: 6 weeks
  • Application policies: IP security IKE intermediate (1.3.6.1.5.5.8.2.2)
  • Subject name: Supply in the request
  • Cryptography: Minimum key size 2048
  • Issuance requirements: CA certificate manager approval
  • Possible uses: Secure and authenticate network traffic before application layer communication begins

IU Remote Desktop authentication

Notes:

Certificate template

  • Description: Enables client computers to authenticate their identity to servers
  • Schema version: 2
  • Validity period: 1 year
  • Renewal period: 6 weeks
  • Application policies: Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)
  • Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
  • Cryptography: Minimum key size 2048
  • Possible uses: To authenticate a Remote Desktop session host

IU Remote Desktop authentication with Subject Name

Notes:

Certificate template

  • Description: Enables client computers to authenticate their identity to servers
  • Schema version: 2
  • Validity period: 1 year
  • Renewal period: 6 weeks
  • Application policies: Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)
  • Subject name: Build from this Active Directory information, Subject name format: DNS name, Include this information in alternate subject name: DNS name
  • Cryptography: Minimum key size 2048
  • Possible uses: To authenticate a Remote Desktop session host

IU Client Server Authentication (offline request)

Note:
A subject name (CN=) and/or alternate subject name (DNS=) are required for certificate submission. See At IU, how do I request a Client Server Authentication (offline request) certificate?

Certificate template

  • Description: Used to mutually authenticate and encrypt communication traffic between clients and servers
  • Schema version: 2
  • Validity period: 2 years
  • Renewal period: 6 weeks
  • Application policies: Client authentication (1.3.6.1.5.5.7.3.2); server authentication (1.3.6.1.5.5.7.3.1)
  • Subject name: Supply in the request
  • Cryptography: Minimum key size is 2048
  • Issuance requirements: CA certificate manager approval
  • Possible uses: Secure and authenticate network traffic before application layer communication begins

This is document beeb in the Knowledge Base.
Last modified on 2017-12-01 15:44:25.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.