There may be cases where it is necessary to install the standard Microsoft certificate templates before installing the first Active Directory integrated certificate authority (Enterprise Certification Authority), or to reinstall the templates, for example because they have been corrupted or otherwise modified.
The following standard certificate templates are defined:
Object name | Display name (English) |
---|---|
Administrator | Administrator |
CA | Root Certification Authority |
CAExchange | CA Exchange |
CEPEncryption | CEP Encryption |
ClientAuth | Authenticated Session |
CodeSigning | Code Signing |
CrossCA | Cross Certification Authority |
CTLSigning | Trust List Signing |
DirectoryEmailReplication | Directory Email Replication |
DomainController | Domain Controller |
DomainControllerAuthentication | Domain Controller Authentication |
EFS | Basic EFS |
EFSRecovery | EFS Recovery Agent |
EnrollmentAgent | Enrollment Agent |
EnrollmentAgentOffline | Exchange Enrollment Agent (Offline request) |
ExchangeUser | Exchange User |
ExchangeUserSignature | Exchange User Signature |
IPSECIntermediateOffline | IPSec (Offline Request) |
IPSECIntermediateOnline | IPSec |
KerberosAuthentication | Kerberos Authentication |
KeyRecoveryAgent | Key Recovery Agent |
Machine | Computer |
MachineEnrollmentAgent | Enrollment Agent (Computer) |
OCSPResponseSigning | OCSP Response Signing |
OfflineRouter | Router (Offline Request) |
RASandIASServer | RAS and IAS Server |
SmartcardLogon | Smartcard Logon |
SmartcardUser | Smartcard User |
SubCA | Subordinate Certification Authority |
User | User |
UserSignature | User Signature Only |
WebServer | Web Server |
Workstation | Workstation Authentication |
Implementation
Reinstalling the certificate templates means deleting them and then creating them again. To delete them, you must have Enterprise Administrator permissions.
The deletion itself is done with the ADSI editor (adsiedit.msc).
You connect to the configuration partition.
The certificate templates are located under Services – Public Key Services, below CN=Certificate Templates. Here you can select all or individual certificate templates and delete them by right-clicking.
To reinstall the default certificate templates, there is a corresponding certutil command:
certutil -installdefaulttemplates
Please note that the command must be executed with Enterprise Administrator privileges.
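The following read-only inventory is an added example, not part of the original article. It compares the objects below CN=Certificate Templates with the object names from the table above, so you can see before deleting (and again after running certutil -installdefaulttemplates) which default templates are missing and which templates are custom. It assumes a domain-joined host and an account that can read the configuration partition; the variable names are illustrative.

```powershell
# Added example: read-only inventory of CN=Certificate Templates (changes nothing).
# Assumption: domain-joined host, account with read access to the configuration partition.
$default = @(
    'Administrator','CA','CAExchange','CEPEncryption','ClientAuth','CodeSigning','CrossCA',
    'CTLSigning','DirectoryEmailReplication','DomainController','DomainControllerAuthentication',
    'EFS','EFSRecovery','EnrollmentAgent','EnrollmentAgentOffline','ExchangeUser',
    'ExchangeUserSignature','IPSECIntermediateOffline','IPSECIntermediateOnline',
    'KerberosAuthentication','KeyRecoveryAgent','Machine','MachineEnrollmentAgent',
    'OCSPResponseSigning','OfflineRouter','RASandIASServer','SmartcardLogon','SmartcardUser',
    'SubCA','User','UserSignature','WebServer','Workstation'
)

# Build the container DN from RootDSE instead of hard-coding the forest name.
$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$base = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter      = '(objectClass=pKICertificateTemplate)'
$searcher.SearchScope = 'OneLevel'
$searcher.PageSize    = 200
foreach ($p in 'cn','displayName','whenCreated','whenChanged') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

# Result property names are stored in lower case.
$found = @(foreach ($r in $searcher.FindAll()) {
    [pscustomobject]@{
        Name        = [string]($r.Properties['cn'] | Select-Object -First 1)
        DisplayName = [string]($r.Properties['displayname'] | Select-Object -First 1)
        Created     = $r.Properties['whencreated'] | Select-Object -First 1
        Changed     = $r.Properties['whenchanged'] | Select-Object -First 1
    }
})

$names   = @($found | ForEach-Object { $_.Name })
$missing = @($default | Where-Object { $names -notcontains $_ })
$custom  = @($found | Where-Object { $default -notcontains $_.Name })

"Default templates missing from the directory: $($missing.Count)"; $missing
"Templates outside the default list: $($custom.Count)"
$custom | Format-Table Name, DisplayName

# whenChanged is kept per domain controller, so treat it as a hint, not proof of modification.
$found | Where-Object { $default -contains $_.Name } | Sort-Object Changed -Descending |
    Format-Table Name, DisplayName, Created, Changed
```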