Enrolling the certification authority certificate

This section describes how to enroll the certification authority (CA) certificate.

To enroll the CA certificate

1. Create a CA template that uses SafeNet Key Storage Provider.

   1. Open a command prompt and run certtmpl.msc

   2. Right-click Administrator

   3. Select Duplicate Template.

   

2. Select Windows Server 2008, for both CA and Certificate recipient under Compatibility Settings, and OK.

   

3. Verify the changes on the Resulting Changes window and select OK.

   1. Select the General tab. Enter template name.

   2. Go to the Cryptography tab. Select Key Storage Provider for Provider Category.

   3. Select the Requests must use one of the following providers radio button.

   4. In the Providers field select the SafeNet Key Storage Provider only.

   5. For Algorithm Name select an algorithm.

   6. Select Request Hash.

   7. Go to the Subject Name tab.

   8. Uncheck the Include e-mail name in subject name check box

   9. Uncheck the E-mail name check box.

      

   10. Select Apply and OK to save the template.

   11. Open the command prompt and run certsrv.msc.

   12. Double-click the CA name.

   13. Right-click the Certificate Templates node.

   14. Select New > Certificate Template to Issue

       

   15. Select the template you recently created and OK.

       

4. Request a certificate based on the template.

   1. Request a certificate based on the template.

   2. Open the command prompt and run the certmgr.msc command.

   3. Right-click the Personal node.

   4. Select All Tasks > Request New Certificate…

      

   5. Select Next.

   6. Select Next.

   7. Enable the check box for the template you created above.

   8. Select Enroll.

   9. Verify the certificate is enrolled successfully. The UI enrollment wizard shows if the certificate enrollment was successful.