Enabling auto-enrollment for the group policy

To enable auto-enrollment for the group policy:

  1. Open the Group Policy Management Editor and select the group policy object that defines IPsec policies.

    Click Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto Enrollment.

  2. Double-click Certificate Services Client - Auto-Enrollment, select Enabled, and check the following boxes:

    • Renew expired certificate, update pending certificates, and remove revoked certificates
    • Update certificates that use certificate templates

  3. Click OK to save the auto-enrollment settings.