Configure the following setting in the Extensions tab of the Properties of the New Template dialog.
See Active Directory (WSTEP) certificate profiles for a full reference on the WSTEP certificate capabilities.
Application Policies
Select this field and click Edit to choose the Extended Key Usages (EKUs) of the issued certificates. For example:
- Client Authentication
- Server Authentication
Key Usage
Select this field and click Edit to choose supported key usage combinations.
- Digital Signature
- Digital Signature and Key Encipherment
- Digital Signature and Nonrepudiation
- Key Encipherment
- Key Encipherment and Digital Signature with Nonrepudiation
Specifically, any combination containing the following key usages is not supported.
- CRL Sign
- Decipher Only
- Encipher Only
- Key Agreement
- Key Cert Sign