Configure the PKIaaS WSTEP Group Policy Object to enable WSTEP for devices.

To enable PKIaaS WSTEP for devices

  1. In the navigation tree of the new PKIaaS WSTEP Group Policy Object, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  2. In the content pane, right-click Certificate Services Client - Certificate Enrollment Policy and select Properties to display the Certificate Services Client - Certificate Enrollment Policy Properties dialog box.
  3. Select Enabled in the Configuration Model drop-down list. 

    If you are not installing WSTEP alongside an existing Microsoft CA WSTEP, select Active Directory Enrollment in the Certificate enrollment policy list pane, and click Remove.

  4. Click Add to display the Certificate Enrollment Policy Server dialog box.
  5. In the Enter enrollment policy server URI field, enter the PKIaaS WSTEP URI provided on the Entrust Certificate Services portal for device enrollment.
  6. In the Authentication type drop-down list, select the "Windows Integrated" option (it should be selected by default).
  7. Click Validate Server and check the URI validation results.
  8. Click Add to add the new PKIaaS WSTEP service to the Certificate enrollment policy list pane.
  9. In the Certificate enrollment policy list pane, check the box of the new PKIaaS WSTEP service to make it the default Certificate Enrollment Policy.
  10. Click OK.
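
Once the Group Policy Object is linked and applied, the result of steps 3 to 9 can be checked on a target device. The following PowerShell is an added example, not part of the Entrust documentation. It assumes that Group Policy writes enrollment policy servers under `HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\PolicyServers` with `URL`, `AuthFlags` and `FriendlyName` values, and that an `AuthFlags` value of 2 (Kerberos) corresponds to "Windows Integrated". `$ExpectedUri` is a placeholder and the function names are hypothetical.

```powershell
# Added example: confirm on a device that the GPO delivered the PKIaaS WSTEP policy server.
# Placeholder: replace with the device-enrollment WSTEP URI shown on the Entrust portal.
$ExpectedUri  = 'https://<pkiaas-wstep-uri-from-portal>'
# Assumption: Group Policy stores one subkey per enrollment policy server under this key.
$PolicyRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\PolicyServers'
$AuthKerberos = 2   # Assumption: X509EnrollmentAuthFlags Kerberos = "Windows Integrated"

function Get-GpoEnrollmentPolicyServer {
    # Returns one object per policy server configured through Group Policy.
    if (-not (Test-Path $PolicyRoot)) { return }
    Get-ChildItem $PolicyRoot | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Id           = $_.PSChildName
            Url          = $p.URL
            AuthFlags    = $p.AuthFlags
            FriendlyName = $p.FriendlyName
        }
    }
}

function Test-WstepDevicePolicy {
    param([Parameter(Mandatory)][string]$Uri)
    $servers = @(Get-GpoEnrollmentPolicyServer)
    $match   = @($servers | Where-Object { $_.Url -and $_.Url.TrimEnd('/') -ieq $Uri.TrimEnd('/') })
    if ($match.Count -eq 0) {
        Write-Warning "No Group Policy enrollment policy server matches $Uri"
        return $false
    }
    $ok = $true
    if ($match[0].AuthFlags -ne $AuthKerberos) {
        Write-Warning "AuthFlags is $($match[0].AuthFlags), expected $AuthKerberos (Windows Integrated)"
        $ok = $false
    }
    if (-not $Uri.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning 'Enrollment policy URI is not HTTPS'
        $ok = $false
    }
    # List any other configured servers, such as an Active Directory policy left in place at step 3.
    $servers | Where-Object { $_.Id -ne $match[0].Id } |
        ForEach-Object { Write-Host "Also configured: $($_.FriendlyName) $($_.Url)" }
    return $ok
}

gpupdate /target:computer /force | Out-Null   # refresh computer policy before checking
Test-WstepDevicePolicy -Uri $ExpectedUri
```

Run it from an elevated PowerShell session on a device in scope of the Group Policy Object; it returns `True` only when the configured URI is present with Windows Integrated authentication.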