There may be some situations where a you may not want to use or sync a particular certificate template for WSTEP enrollments. See the supported methods for disabling certificate templates below.
While disabled, certificate templates remain defined in Active Directory but can no longer be used to enroll certificates.
Disabling a certificate template by removing the read permission
To disable a certificate template, you can:
- Select the Security tab in the certificate template properties dialog.
- Disable the Read permission for the PKIaaS WSTEP service account.
The performed changes will take effect on the next automatic synchronization.
Disabling a certificate template by unassigning the CA
To disable a certificate template, you can unassign the associated CA as explained in Manage Certificate Templates.
Changes performed on the Entrust PKIaaS UI take effect instantly.