Certificate templates available from the ECA
On this page:
- Overview
- IU workstation authentication
- IU workstation authentication (offline request)
- IU SCCM authenticated session
- IU web server
- IU IPsec
- IU IPsec (offline request)
- IU Remote Desktop authentication
- IU Remote Desktop authentication with Subject Name
- IU Client Server Authentication (offline request)
Overview
The certificate templates listed here are currently available from the Indiana University Enterprise Certificate Authority (ECA).
IU workstation authentication
Notes:
- All domain-joined computers can enroll and/or auto-enroll with this certificate template.
- Auto-enrolled computers can automatically re-enroll during the renewal period.
- Configure Group Policy to Autoenroll and Deploy Certificates
Certificate template
- Description: Enables client computers to authenticate their identity to servers
- Schema version: 2
- Validity period: 1 year
- Renewal period: 6 weeks
- Application policies: Client authentication (1.3.6.1.5.5.7.3.2)
- Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
- Cryptography: Minimum key size 2048
- Possible uses: System Center Configuration Manager authentication and IIS Client Certificate Mapping authentication
IU workstation authentication (offline request)
Notes:
- Subject name and/or alternate subject name (DNS=) required for certificate submission
- Request an IU workstation authentication (offline request) certificate
Certificate template
- Description: Enables client computers to authenticate their identity to servers
- Schema version: 2
- Validity period: 1 year
- Renewal period: 6 weeks
- Application policies: Client authentication (1.3.6.1.5.5.7.3.2)
- Subject name: Supply in the request, Subject name format: None, Include this information in alternate subject name: DNS name
- Cryptography: Minimum key size 2048
- Issuance requirements: ECA administrator approval
- Possible uses: System Center Configuration Manager authentication and IIS Client Certificate Mapping authentication
IU SCCM authenticated session
Note:
This template has a separate group for enrolling computers. If you want to add a group that will enroll with this certificate template, contact Tier 2, and staff will escalate to the ECA administrator.
Certificate template
- Description: For Mac client computers, for Configuration Manager enrollment: Authenticated Session
- Schema version: 2
- Validity period: 1 year
- Renewal period: 6 weeks
- Application policies: Client Authentication (1.3.6.1.5.5.7.3.2)
- Subject name: Build from this Active Directory information, Subject name format: Common name
- Cryptography: Minimum key size 2048
- Possible uses: Client authentication of Mac client computers for use with System Center Configuration Manager environments
IU web server
Notes:
- Subject name and/or alternate subject name (DNS=) required for certificate submission
- Request an IU web server certificate
Certificate template
- Description: Proves the identity of a web server
- Schema version: 2
- Validity period: 2 years
- Renewal period: 6 weeks
- Application policies: Server authentication (1.3.6.1.5.5.7.3.1)
- Subject name: Supply in the request
- Cryptography: Minimum key size 2048
- Issuance requirements: ECA administrator approval
- Possible uses: Server authentication, web server HTTPS/SSL/TLS, encrypted Remote Desktop services, and appliance/device certificates (for example, HP iLO, Dell iDRAC/DRAC)
IU IPsec
Notes:
- All domain-joined computers can enroll with this certificate template.
- This template has a separate group for auto-enrolling computers. If you would like to add a group of computers that will auto-enroll with this certificate template, contact Tier 2, and staff will escalate to the ECA administrator.
Certificate template
- Description: Used by IP security (IPsec) to digitally sign, encrypt, and decrypt network communication
- Schema version: 2
- Validity period: 2 years
- Renewal period: 6 weeks
- Application policies: IP security IKE intermediate (1.3.6.1.5.5.8.2.2)
- Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
- Cryptography: Minimum key size 2048
- Possible uses: Secure and authenticate network traffic before application layer communication begins
IU IPsec (offline request)
Notes:
- Subject name and/or alternate subject name (DNS=) required for certificate submission
- Request an IU IPsec (offline request) certificate
Certificate template
- Description: Used by IPsec to digitally sign, encrypt, and decrypt network communication when the subject name is supplied in the request; the Network Device Enrollment Service in Windows Server 2008 uses this template by default for device certificates.
- Schema version: 2
- Validity period: 2 years
- Renewal period: 6 weeks
- Application policies: IP security IKE intermediate (1.3.6.1.5.5.8.2.2)
- Subject name: Supply in the request
- Cryptography: Minimum key size 2048
- Issuance requirements: CA certificate manager approval
- Possible uses: Secure and authenticate network traffic before application layer communication begins
IU Remote Desktop authentication
Notes:
- All domain-joined computers can enroll and/or auto-enroll with this certificate template.
- Configure the Server Authentication Certificate Template using Group Policy for Remote Desktop Services
Certificate template
- Description: Enables client computers to authenticate their identity to servers
- Schema version: 2
- Validity period: 1 year
- Renewal period: 6 weeks
- Application policies: Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)
- Subject name: Build from this Active Directory information, Subject name format: None, Include this information in alternate subject name: DNS name
- Cryptography: Minimum key size 2048
- Possible uses: To authenticate a Remote Desktop session host
IU Remote Desktop authentication with Subject Name
Notes:
- Choose this template instead of the IU Remote Desktop Authentication template when third-party, non-Windows-based clients receive certificate warnings because no Subject Name is presented in the certificate.
- All domain-joined computers can enroll and/or auto-enroll with this certificate template.
- Configure the Server Authentication Certificate Template using Group Policy for Remote Desktop Services
Certificate template
- Description: Enables client computers to authenticate their identity to servers
- Schema version: 2
- Validity period: 1 year
- Renewal period: 6 weeks
- Application policies: Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)
- Subject name: Build from this Active Directory information, Subject name format: DNS name, Include this information in alternate subject name: DNS name
- Cryptography: Minimum key size 2048
- Possible uses: To authenticate a Remote Desktop session host
IU Client Server Authentication (offline request)
Note:
A subject name (CN=) and/or alternate subject name (DNS=) are required for certificate submission. See Request a Client Server Authentication (offline request) certificate at IU.
Certificate template
- Description: Used to mutually authenticate and encrypt communication traffic between clients and servers
- Schema version: 2
- Validity period: 2 years
- Renewal period: 6 weeks
- Application policies: Client authentication (1.3.6.1.5.5.7.3.2); server authentication (1.3.6.1.5.5.7.3.1)
- Subject name: Supply in the request
- Cryptography: Minimum key size 2048
- Issuance requirements: CA certificate manager approval
- Possible uses: Secure and authenticate network traffic before application layer communication begins
This is document beeb in the Knowledge Base.
Last modified on 2024-04-15 17:04:48.