This blog post finishes a Certificate Autoenrollment in Windows Server 2016 blog post series. Here is a list of posts in the series:

• Certificate Autoenrollment in Windows Server 2016 (part 1)

First part makes introduction to certificate autoenrollment and describes certificate enrollment architecture in Windows 10 and Windows Server 2016.

• Certificate Autoenrollment in Windows Server 2016 (part 2)

Second part explains certificate autoenrollment architecture, its components and detailed processing rules.

• Certificate Autoenrollment in Windows Server 2016 (part 3)

Third part provides a step-by-step guide on configuring and utilizing certificate autoenrollment feature.

• Certificate Autoenrollment in Windows Server 2016 (part 4)

The last part provides information about advanced certificate autoenrollment features, scenarios and troubleshooting guide. Next section contains a list of reference documents used to write this whitepaper.

References

• Certificate Autoenrollment in Windows XP by David B. Cross (Microsoft)
  (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb456981(v=technet.10))
• [MS-CERSOD]: Certificate Services Protocols Overview — Open Protocol Specifications, Microsoft (https://msdn.microsoft.com/en-us/library/hh297583.aspx)
• [MS-CAESO]: Certificate Autoenrollment System Overview [ARCHIVED] — Open Protocol Specifications, Microsoft (https://msdn.microsoft.com/en-us/library/jj633107.aspx)
• [MS-WCCE]: Windows Client Certificate Enrollment Protocol — Open Protocol Specifications, Microsoft (https://msdn.microsoft.com/en-us/library/cc249879.aspx)
• [MS-XCEP]: X.509 Certificate Enrollment Policy Protocol — Open Protocol Specifications, Microsoft (https://msdn.microsoft.com/en-us/library/dd302869.aspx)
• [MS-WSTEP]: WS-Trust X.509v3 Token Enrollment Extensions — Open Protocol Specifications, Microsoft (https://msdn.microsoft.com/en-us/library/dd340609.aspx)
• [MS-CRTD]: Certificate Templates Structure — Open Protocol Specifications, Microsoft
  (https://msdn.microsoft.com/en-us/library/cc226517.aspx)
• RFC 5272: Certificate Management over CMS (CMC) — Internet Engineering Task Force
  (https://tools.ietf.org/html/rfc5272)
• Active Directory Certificate Services Longhorn Beta3 Key Archival and Recovery — Whitepaper, Microsoft (https://www.microsoft.com/en-us/download/details.aspx?id=19952, https://www.sysadmins.lv/dl/49.aspx)
• Implementing and Administering Certificate Templates in Windows Server 2008 — Whitepaper, Microsoft (https://www.microsoft.com/en-us/download/details.aspx?id=19169, https://www.sysadmins.lv/dl/44.aspx)*
• Query and Manage Event Logs with the Windows Events Command Line Utility (https://technet.microsoft.com/en-us/library/dd310329.aspx)
• Certificate Rebind in IIS 8.5 — Microsoft Docs, Microsoft (https://docs.microsoft.com/iis/get-started/whats-new-in-iis-85/certificate-rebind-in-iis85)
• Superseded Certificate Templates and impact on user’s AD store — Microsoft Support Knowledge Base (https://support.microsoft.com/en-us/help/2884551/superseded-certificate-templates-and-impact-on-user-s-ad-store)
• Certificate Enrollment Web Services in Active Directory Certificate Services — Whitepaper, Microsoft (https://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx

* — the link is dead. No replacement link is available.

Download

Here is full-featured printable version of the whitepaper: