Microsoft NDES – use custom certificate template

Published by Tobias Hofmann on

1 min read

To change the default certificate template NDES is using, it is necessary to change some Windows registry values. Looks like there is no GUI tool from Microsoft for this available. The procedure for changing these values is given by Microsoft [1],[2]. To do so, open the registry editor and navigate to:

HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Cryptography -> MSCEP

Under this node, the registry values can be found. By default, the certificate template used by NDES is IPSECIntermediateOffline.

I`ll now use my AfariaUser certificate I created in an earlier blog (you can find it on my site). To change this and to make use of the new AfariaUser certificate, edit all three entries.

Afterwards, the registry key looks like this:

To make the new templates effective for new requests, restart IIS (or the CA too, or the whole computer).

References

[1] http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx#Appendix_2_Set_Registry_Keys_to_Default_Values

[2] https://technet.microsoft.com/de-de/library/ff955642(v=ws.10).aspx

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

www.autoglas-nord.de · May 4, 2019 at 01:46

Gute Webpage. Danke.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.