KB ID 0000919

Problem

SHA1 CERTIFICATE WARNING

Note: This article was written some time ago. Ensure your CA environment does NOT use SHA1 for your certificates. If it does, please visit the following link for migration instructions: Upgrade Your Microsoft PKI Environment to SHA2 (SHA256)

I need to set up wireless authentication based on computer certificates. I've done similar jobs before by manually issuing certificates for Cisco AnyConnect, but this will be for NiA°/RADIUS authentication to 5%. I'll be working with Server 2008 R2 and Windows 7 clients. So task one was getting my head round auto enrollment. As stated, I'm deploying computer certificates, but the process is practically the same for issuing user certificates; I'll point out the differences where applicable.

Solution

Prerequisites: A Windows domain environment, with working DNS.

Setup a Certification Authority

1. Launch Server Manager (ServerManager.msc) > Roles > Add Roles > Active Directory Certificate Services > Next > I'm going to accept all the defaults.

2. The only thing I'm going to change is the lifetime. I usually change that from 5 to 10 years (force of habit: after 5 years it will probably still be my problem, in 10 years it will be replaced or in a skip!).

Create a Computer Certificate Template and Issue it

3. Start > Administrative Tools > Certification Authority > Certificate Templates > Manage.

4. Locate and make a copy of the Workstation Authentication template. If you were using user certificates then you would copy the User template.

Note: I got an email a few months ago from someone who had an argument about whether to make copies or edit the originals, and was asking what I thought was best practice. Well, I would ALWAYS copy a template and edit that copy. Then if you stuff it up you still have the original. It's always best practice to avoid looking like actin!

5. If you still have Server 2003 servers choose the default; if not, pick 2008 >

6. General tab > Give the template a sensible name.

8. Security tab > Ensure Domain Computers have the rights to Read and Autoenroll > OK > Close the template console.

10. Pick the one you just created >

11. Make sure it's listed > Close the Certification Authority management console.

Deploy Auto-enrolled Certificates via Group Policy

Note: You could just add this to the default domain group policy, and all computers would get a certificate, but for this exercise I've created an OU, and I'm going to create a new policy and link it there.

12. Select an OU or container that contains the computer objects you want to send certificates to.

Note: Obviously, if you are sending out user certificates then link it to a user OU (you would be surprised!).

13. Navigate to

WARNING: deploying user certificates tad ore

14. Enable the policy > Select the two options available > Apply > OK > Close the GPO management editor.

Test Windows Certificate Auto-Enrollment

15. Before we do anything else, you can see there are no certificates on the Windows 7 client machine and there are no certificates issued from the

Note: To see a computer's certificates, you need to be logged in with administrative rights, run mmc and add in the certificates snap-in for local computer.

16. Now if I move this machine into the OU that I've linked the GPO to
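The note under step 15 inspects the computer's certificates through the MMC snap-in; the same check can be scripted on the client. The following is an added example, not part of the original article: it lists the local computer's Personal store, shows which template each certificate came from, and flags SHA-1 signatures, the concern behind the warning at the top. It assumes an elevated PowerShell prompt, and the function name Get-ComputerCertReport is hypothetical.

```powershell
# Added example (not from the original article): report on certificates in the
# local computer's Personal store and flag any that are signed with SHA-1.
# Assumption: run from an elevated PowerShell prompt on the client.

# OIDs of the two Microsoft extensions that record the issuing template.
$TemplateOids = '1.3.6.1.4.1.311.21.7',   # Certificate Template Information (v2+ templates)
                '1.3.6.1.4.1.311.20.2'    # Certificate Template Name (v1 templates)

# Hypothetical helper name, chosen for this example.
function Get-ComputerCertReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Find the template extension, if the certificate carries one.
        $template = '(none)'
        foreach ($ext in $cert.Extensions) {
            if ($TemplateOids -contains $ext.Oid.Value) {
                $template = $ext.Format($false)   # human-readable form of the extension
                break
            }
        }

        # Typical values are 'sha1RSA' or 'sha256RSA'.
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName

        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Template   = $template
            NotAfter   = $cert.NotAfter
            Signature  = $sigAlg
            Sha1Signed = ($sigAlg -match 'sha1')
        }
    }
}

# An empty result means no certificate has been enrolled yet.
Get-ComputerCertReport |
    Select-Object Subject, Issuer, Template, NotAfter, Signature, Sha1Signed |
    Format-List
```

Running it before and after the machine picks up the policy shows whether a certificate from the copied template has arrived and which signature algorithm the CA used.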