Creating the certificate templates

The certificate templates you create can be used for configuring WiFi, VPN, and Exchange. The Certificate Authority server uses these templates to generate the client certificate that is installed on devices. When you configure WiFi, VPN, and Exchange to use a certificate template, you must ensure that the connector service account has Read and Register permissions. The following screenshot provides a reference. If you do not give these permissions, we cannot find the templates.

You create certificate user and computer templates on the Active Directory certificate authority server you defined. (see How to select the policy service for device management). The templates you create must be named as follows, including the uppercase letters:

Computer-ClientAuth

User-ClientAuth

In some cases, you specify in the profile which type of certificate (user or computer) to use for authentication (for example, the iOS Wi-Fi profile) while others require you to use either the computer or the user certificate. To simplify profile configuration, we recommend creating both templates.

You use the Microsoft Management Console (MMC) on the certification authority server designated in the Centrify Connector to create the templates.