The default Microsoft Certificate template can be used to issue certificates to the end user. If using such a default, you may skip this section. AirWatch recommends the User Template for client authentication certificates.

  1. On the CA server, under the Certificate Authority Name, right click Certificate Templates and select Manage.

  2. Right click a default template that is closest to your needs and select Duplicate Template.

    Certs_CertEnroll-ADCS-DCOM_52

  3. Select Windows Server 2008 Enterprise and select OK

  4. Enter the Template display name and select Apply.

    Certs_CertEnroll-ADCS-DCOM_54

  5. Select the Issuance Requirements tab and select This number of authorized signatures. Under the Application policy drop-down field, select Certificate Request Agent and select Apply.

  6. Under the Subject Name tab, configure subject alternate name Including Email name and User Principal Name. AirWatch recommends this practice for Wi-Fi, VPN, and Email authentication. Click OK.

  7. Right click Certificate Templates under the CA name, select New, and select Certificate Template to Issue.

    Certs_CertEnroll-ADCS-DCOM_57

  8. Select the template that was just created and select OK.

    Certs_CertEnroll-ADCS-DCOM_58