Configure the PKIaaS WSTEP to enable WSTEP for users.

To enable PKIaaS WSTEP for users

  1. In the navigation tree of the new PKIaaS WSTEP Group Policy Object, expand User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  2. In the content pane, right-click Certificate Services Client - Certificate Enrollment Policy and select Properties to display the Certificate Services Client - Certificate Enrollment Policy Properties dialog box.
    image-2024-1-24_16-43-22.png

  3. Select Enabled in the Configuration Model drop-down list. 

    If you are not installing WSTEP alongside an existing Microsoft CA WSTEP, select Active Directory Enrollment in the Certificate enrollment policy list pane, and click Remove.

  4. Click Add to display the Certificate Enrollment Policy Server dialog box.
    image-2024-1-24_16-45-8.png
  5. In the Enter enrollment policy server URI field, enter the PKIaaS WSTEP URI you obtained in either:
  6. In the Authentication type drop-down list, select the same "Windows Integrated" option (should be selected by default).
  7. Click Validate Server and check the URI validation results.
  8. Click Add to add the new PKIaaS WSTEP service to the Certificate enrollment policy list pane.
    image-2024-1-24_16-54-10.png
  9. In the Certificate enrollment policy list pane, check the box of the new Entrust PKIaaS XCEP certificate enrollment policy to make it the default one.
  10. Click OK.