Active Directory Configuration
Installing Remote Server Administration Tools (RSAT)
To access Microsoft certificate templates, you should install the Remote Server Administration Tools (RSAT). If they are not present on your Windows Server, follow the steps below to install them:
1. Open the Server Manager tool.
2. Select Manage > Add Roles and Features.
3. Select Features and expand Remote Server Administration Tools > Role Administration Tools > Active Directory Certificate Services Tools.
4. Select Certification Authority Management Tools.
5. Select Next and then select Install.
Certificate Template Configuration
To update or create a certificate template, press Win + R and run mmc.exe, then select File > Add/Remove Snap-in and add the Certificate Templates snap-in.
Click on Certificate Templates to see all the templates available in the forest. EverTrust advises duplicating an existing Microsoft certificate template to create the new ones consumed by WinHorizon.
Note: Do not configure template names with spaces, and take note of the template names you will be using with WinHorizon; they are needed in the WinHorizon configurator.
To check the authorizations on the different templates, right-click a template and choose Properties. WinHorizon requires each template it manages to grant at least the Read permission to the Authenticated Users group.
Moreover, EverTrust recommends creating AD local groups and granting them Read/Enroll/Autoenroll rights on the appropriate Microsoft certificate templates.
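As an added example (not EverTrust's or Microsoft's code), the following PowerShell audits the requirements above for the templates listed in `$TemplateNames` (a constructed sample list): it flags names containing spaces, confirms that Authenticated Users holds Read, and lists which principals hold Enroll or Autoenroll, resolving the extended-right GUIDs from the forest schema instead of hard-coding them. The helper function names are my own; it assumes a domain-joined Windows host and an account that can read the Configuration partition.

```powershell
# Added example: audit the AD permissions of the certificate templates WinHorizon will manage.
# Assumes a domain-joined host and read access to the Configuration partition.
$TemplateNames = @('WinHorizonMachine', 'WinHorizon User')   # constructed samples; the second deliberately has a space

$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext.Value
$pksPath  = "CN=Public Key Services,CN=Services,$configNc"

function Find-AdObject([string]$SearchRoot, [string]$Filter) {
    # Thin wrapper around DirectorySearcher; returns $null when nothing matches
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$SearchRoot", $Filter)
    $searcher.FindOne()
}

# Resolve the Enroll / Autoenroll extended-right GUIDs from the schema rather than hard-coding them
function Get-ExtendedRightGuid([string]$DisplayName) {
    $hit = Find-AdObject "CN=Extended-Rights,$configNc" "(&(objectClass=controlAccessRight)(displayName=$DisplayName))"
    [guid]$hit.Properties['rightsguid'][0]
}
$enrollGuid      = Get-ExtendedRightGuid 'Certificate-Enrollment'
$autoEnrollGuid  = Get-ExtendedRightGuid 'Certificate-AutoEnrollment'
$broadPrincipals = 'NT AUTHORITY\Authenticated Users', 'Everyone'   # Enroll should go to dedicated AD groups instead

foreach ($name in $TemplateNames) {
    if ($name -match '\s') { Write-Warning "'$name': template names must not contain spaces"; continue }
    $hit = Find-AdObject "CN=Certificate Templates,$pksPath" "(&(objectClass=pKICertificateTemplate)(cn=$name))"
    if (-not $hit) { Write-Warning "'$name': template not found in the forest"; continue }

    $rules = $hit.GetDirectoryEntry().ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $allow = $rules | Where-Object { $_.AccessControlType -eq 'Allow' }

    # WinHorizon needs Authenticated Users to hold at least Read (GenericRead includes ReadProperty)
    $authRead = $allow | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' -and
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ReadProperty) }
    if (-not $authRead) { Write-Warning "'$name': Authenticated Users lacks Read" }

    # An ExtendedRight ACE with an empty ObjectType grants every extended right, Enroll and Autoenroll included
    $holders = $allow | Where-Object {
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        $_.ObjectType -in $enrollGuid, $autoEnrollGuid, [guid]::Empty }
    foreach ($h in $holders) {
        if ($h.ObjectType -eq $enrollGuid)         { $right = 'Enroll' }
        elseif ($h.ObjectType -eq $autoEnrollGuid) { $right = 'Autoenroll' }
        else                                       { $right = 'AllExtendedRights' }
        $flag = if ($h.IdentityReference.Value -in $broadPrincipals) { '  <-- broader than a dedicated AD group' } else { '' }
        "{0,-20} {1,-18} {2}{3}" -f $name, $right, $h.IdentityReference.Value, $flag
    }
}
```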
Enabling Auto Enrollment through a GPO
Auto-enrollment must be enabled through a GPO. For detailed instructions on enabling auto-enrollment through a GPO, refer to the Microsoft documentation or your organization's Active Directory configuration guidelines.
Publishing the Trust Chain
This section details how to publish the trust chain within Active Directory.
Note: If several WinHorizon servers are installed, the procedure in this section must be executed only once. If the trust chain is already published, it does not need to be performed.
1. Launch 'cmd.exe' using a privileged account (via the 'RunAs' command);
2. Execute the following command to add the Root CA:
certutil -f -dspublish "C:\<PATH_TO_ROOT_CA_CERTIFICATE>" rootca
3. Execute the following command to add the Subordinate CA:
certutil -f -dspublish "C:\<PATH_TO_SUBORDINATE_CA_CERTIFICATE>" subca
4. Execute the following command to push the new Active Directory schema:
certutil -pulse