Installing Exchange Certificate Templates

In Microsoft Exchange 2000 Server, you had to manually add the certificate templates of Enrollment Agent (Computer), Exchange User, and Exchange Signature Only certificates before installing Key Management Server (KMS). In Exchange Server 2003, KMS is no longer used and the Users certificate that is installed by default has the following functions:

• Encrypting File System

• Secure E-Mail (both signature and encryption)

• Client Authentication

Because the “generic” users certificate now has these functions bundled into a single certificate, you’ll find that the default installation of Certificate Services in Windows Server 2003 should meet most of your needs as far as your users are concerned.

However, at some point you might need to install additional certificate templates to issue certificates for other needs. You can easily accomplish this in the CA snap-in. To add another certificate template to those already there by default, right-click the Certificate Template folder in the Certification Authority snap-in, point to New, and select Certificate Template To Issue. The dialog box shown in Figure 25-31 appears. In this dialog box, you can choose, by default, from the following templates:

Figure 25-31: Choosing a certificate template.

• Authenticated Session

• CEP Encryption

• Code Signing

• Enrollment Agent

• Exchange Enrollment Agent (offline request)

• Enrollment Agent (Computer)

• Exchange Signature Only

• Exchange User

• IPSec

• IPSec (offline)

• Router (offline)

• Smartcard Logon

• Smartcard User

• Trust List Signing

• User Signature Only

These are default certificate templates installed with Certificate Services:

• EFS Recovery Agent

• Basic EFS

• Domain Controller

• Web Server

• Computer

• User

• Subordinate Certification Authority

• Administrator