We already created Web Server certificate in Part1. It is now time to create client certificates. Log on to Certification Authority console, right click Certificate Templates and then select Manage.
Right click on Workstaation Authentication and Select Duplicate Template
Choose windows Server 2003 Enterprise
Give your template a name, I name it ConfigMgrClientCert
Select Security Tab, Choose Domain Computers. Make sure Read, Enroll and AutoEnroll permissions are given. Click OL and close the properties of this new template. Close Certificate Templates Console.
On Certification Authority console, right click Certificate Template and choose New/Certificate Template to Issue
Select the Client Certificate we just created and click OK.
Group Policy Configuration For Client Certificate:
Log on to Domain Controller and start Group Policy Management. Right click the domain and choose Create a GPO in this domain and Link it here.
Give a relevant name to this GPO and Edit the new GPO.
Open the Certificate Services Client – Auto – Enrollment Properties
Select Enabled options and make sure you check both checkboxes.
Close Group Policy Managent. That is all we need to do for Client certficate. In Part 3, I will show how to create a Client Certificate for Distribution Points.