Windows CA – How to Create a Device Certificate

On your server with the Certificate Authority installed, run certsrv.msc.

Ensure the server tree is expanded, right-click Certificate Templates, and click Manage.

The Certificate Templates Console opens. 

Right-click on the Computer template, and click Duplicate Template.

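Under the General tab, give the template a new but related name, like Computer-2. You can modify any other settings you need as well, such as making the private key exportable. An exportable private key can be copied off the device together with the certificate, so enable that only if you need it.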

Click OK when done.

The new template will not show up in Certsrv immediately. To make it appear, first right-click the server name in Certsrv and click Stop Service. Once the service has stopped, right-click the server name again and click Start Service.

Now right-click Certificate Templates, hover over New, and click Certificate Template to Issue. It may take a minute, but a new dialog will appear.

Click the new template you created and click OK.

Now, from the PC you need to create the device cert on, open mmc.exe and add the Certificates snap-in for the Computer account.

Expand Certificates. Right-click Personal. Click Request New Certificate. Click Next twice, so that you are at the screen where you select the certificate template to request. Check the one with the name you chose in the earlier step, and click Enroll.

The device cert will be created, and if you expand Personal and click Certificates, you will see the certificate.
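The request made through the snap-in can also be scripted, with the issued certificate checked afterwards. This is an added example, not part of the original article. It assumes the duplicated template's name is Computer-2, an elevated PowerShell session on the PC, and an RSA key.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the PC that needs the device certificate.
# Assumption: 'Computer-2' is the template name of the duplicate created above.
$templateName = 'Computer-2'

# Request the certificate into the Computer account's Personal store.
$result = Get-Certificate -Template $templateName -CertStoreLocation 'Cert:\LocalMachine\My'
if ($result.Status -ne 'Issued') {
    throw "Enrollment did not complete; status: $($result.Status)"
}
# Re-read the certificate from the store so it is bound to its private key.
$cert = Get-Item "Cert:\LocalMachine\My\$($result.Certificate.Thumbprint)"

# Certificate Template Information extension, which names the issuing template
# on certificates issued from duplicated (version 2 or later) templates.
$tmplExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }

# Enhanced Key Usage OIDs; 1.3.6.1.5.5.7.3.2 is Client Authentication.
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

# Report whether the private key is exportable (assumes an RSA key).
$key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$exportable = $null
if ($key -is [System.Security.Cryptography.RSACng]) {
    # CngExportPolicies: AllowExport = 1, AllowPlaintextExport = 2
    $exportable = ([int]$key.Key.ExportPolicy -band 3) -ne 0
} elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $exportable = $key.CspKeyContainerInfo.Exportable
}

[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    Template      = if ($tmplExt) { $tmplExt.Format($false) } else { 'not present' }
    ClientAuthEKU = $ekuOids -contains '1.3.6.1.5.5.7.3.2'
    HasPrivateKey = $cert.HasPrivateKey
    KeyExportable = $exportable
} | Format-List
```

KeyExportable should match the setting chosen on the template. If it reads True where the template was meant to keep the key non-exportable, recheck the template before issuing to more devices.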
