The Entrust WSTEP Service is the Certificate Enrollment Gateway’s implementation of the WSTEP protocol. The Entrust WSTEP Service will use Windows certificate templates when enrolling users, computers, or domain controllers with your Windows-native endpoints.

If you already have a Microsoft CA installed in Active Directory, the Certificate Templates feature is already enabled, and you can skip this section. Otherwise, you must add the Certificate Templates feature using either Windows PowerShell or the Windows graphical interface.

Adding the certificate templates feature using PowerShell

To add Certificate Templates using Windows PowerShell, complete the following procedure.

1. Log in to the server hosting Active Directory as a member of the Domain Admins and Enterprise Admins groups.
2. Open an elevated PowerShell window. Select Start > Windows PowerShell, then right-click Windows PowerShell > Run as administrator.

3. Run the following command.

   Add-WindowsFeature RSAT-ADCS-Mgmt

4. Launch the Certificate Templates snap-in.

   C:\Windows\System32\certtmpl.msc
5. Answer Yes when prompted to install the templates into Active Directory.

Adding the certificate templates feature using the Windows graphical interface

To add Certificate Templates using the Windows graphical interface, complete the following procedure.

1. Log in to the server hosting Active Directory as a member of the Domain Admins and Enterprise Admins groups.
2. Open Server Manager. Select Start > Server Manager.
   The Server Manager dialog box appears. 
   
3. Select Manage > Add Roles and Features.
   The Add Roles and Features Wizard dialog box appears. 
   
4. If the Before you Begin page appears, click Next.
   The Select installation type page appears. 
   
5. Select Role-based or feature-based installation.
6. Click Next.
   The Select destination server page appears. 
   
7. Click Select a server from the pool.
8. In the Server Pool list, select the server.
9. Click Next.
   The Select server roles page appears. 
   
10. Select Active Directory Certificate Services.
    Another Add Roles and Features Wizard dialog box may appear, informing you that some features are required for Active Directory Certificate Services. 
    
11. Click Add Features to add these required features and close the dialog box.
12. Click Next. The Select features dialog box appears. 
    
13. Expand Remote Server Administration Tools > Role Administration Tools, then select Active Directory Certificate Services Tools.
14. Click Next. The Confirm installation selections page appears. 
    
15. Click Install. The Installation Progress page appears.
    A progress indicator displays the progress of the installation. After the roles and features are installed, a success message appears. 
    
16. Click Close.
17. Run mmc.exe.
    The Microsoft Management Console appears. 
    
18. Select File > Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears. 
    
19. In the Available snap-ins list, select Certificate Templates.
20. Click Add.
21. Click OK to close the Add or Remove Snap-ins dialog and return to the Microsoft Management Console. 
    
22. Select Certificate Templates.
    A dialog will appear, prompting to install the certificate templates.
23. Click Yes to install the templates.