Create the authentication template you will later use when Generating a client keystore for CA Gateway.

To create a client authentication template for Microsoft CA

  1. Log in to the Microsoft CA server machine.
  2. Press Win + R to open the Run dialog.
  3. Type "mmc" and press Enter to open the Microsoft Management Console.
  4. Go to Certificate Authority.
  5. Right-click Certificate Templates and select Manage.
  6. Right-click the User template and select Duplicate Template.
  7. In the template properties dialog, configure the settings described below.
  8. Click OK to close the dialog.
  9. Go to Certificate Authority.
  10. Right-click Certificate Templates and select New > Certificate Template to Issue.
  11. Select Client Authentication from the list.

General

In this tab, set Template display name to Client Authentication.

Security 

In this tab, configure the user permissions as follows.

Ensure that your organization's policies are enforced when adding or removing user groups or assigning permissions to groups.

To configure the user permissions of the client authentication template

  1. Grant the necessary permissions to a user group – for example, select Read, Write, and Enroll for the Domain Admins group.
  2. In the other groups, deselect any unnecessary permissions – for example, deselect the Write and Enroll permissions for the Authenticated Users group.
  3. Remove the unnecessary groups.

Subject

In this tab, enable the Supply in request radio button.

Click OK to close the warning pop-up message.

Extensions

In this tab, edit Application Policies and remove:

  • Encrypting File System
  • Secure Email
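
To confirm the result of the procedure, the following added example (not part of the original page or vendor code) reads the template back from Active Directory and reports the Subject, Extensions and Security settings described above. Because the subject is supplied in the request, the Enroll column is the control that limits who can obtain a client authentication certificate from this template. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the extended-right GUID and the policy OIDs are well-known values, not taken from this page.

```powershell
# Added example: audit the template created above. Read-only.
Import-Module ActiveDirectory
$displayName = 'Client Authentication'                       # General tab value from this page

# Well-known identifiers (assumptions, not from this page)
$enrollRight = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment extended right
$ekuNames = @{
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.5.5.7.3.4'      = 'Secure Email'
    '1.3.6.1.4.1.311.10.3.4' = 'Encrypting File System'
}
$removed = '1.3.6.1.5.5.7.3.4', '1.3.6.1.4.1.311.10.3.4'     # policies the Extensions step removes

$base  = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
         (Get-ADRootDSE).configurationNamingContext
$props = 'msPKI-Certificate-Name-Flag', 'pKIExtendedKeyUsage',
         'msPKI-Certificate-Application-Policy', 'nTSecurityDescriptor'
$tpl   = @(Get-ADObject -SearchBase $base -Filter "displayName -eq '$displayName'" -Properties $props)
if ($tpl.Count -ne 1) { throw "Expected one template named '$displayName', found $($tpl.Count)" }
$tpl = $tpl[0]

# Subject tab: bit 0x1 of msPKI-Certificate-Name-Flag means the requester supplies the subject
"Supply in request : $([bool]($tpl.'msPKI-Certificate-Name-Flag' -band 0x1))"

# Extensions tab: list the remaining application policies and flag the two that should be gone
$oids = @($tpl.pKIExtendedKeyUsage) + @($tpl.'msPKI-Certificate-Application-Policy') |
        Where-Object { $_ } | Sort-Object -Unique
foreach ($oid in $oids) {
    $name = if ($ekuNames.ContainsKey($oid)) { $ekuNames[$oid] } else { 'unlisted' }
    $flag = if ($oid -in $removed) { '  <-- should have been removed' } else { '' }
    "Application policy: $oid ($name)$flag"
}

# Security tab: every Allow entry that grants Enroll or any write access to the template
$adr   = [System.DirectoryServices.ActiveDirectoryRights]
$write = $adr::WriteProperty -bor $adr::WriteDacl -bor $adr::WriteOwner
$tpl.nTSecurityDescriptor.Access | Where-Object AccessControlType -eq 'Allow' | ForEach-Object {
    [pscustomobject]@{
        Identity = $_.IdentityReference.Value
        # Enroll is an extended right; an empty ObjectType means all extended rights
        Enroll   = [bool](($_.ActiveDirectoryRights -band $adr::ExtendedRight) -and
                          ($_.ObjectType -in $enrollRight, [guid]::Empty))
        Write    = [bool]($_.ActiveDirectoryRights -band $write)
    }
} | Where-Object { $_.Enroll -or $_.Write } | Format-Table -AutoSize
```

After the Security steps above, Authenticated Users should not appear in this table, and any group that does appear should be one your organization's policy allows to enroll.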