To enable auto-enrollment for the group policy:
- Open the Group Policy Management Editor and select the group policy object that defines IPsec policies.
Click Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto Enrollment.
Double-click Certificate Services Client - Auto-Enrollment, select Enabled, and check the following boxes:
- Renew expired certificate, update pending certificates, and remove revoked certificates
Update certificates that use certificate templates
Click OK to save the auto-enrollment settings.