On the Active Directory server, open a Command Prompt window and run the following command to add the Enrollment Service URL with the certutil utility.
certutil –config "<name>" –enrollmentserverURL <url> <auth> [<priority>]Where:
<name>is the name of the enrollment service.<url>is the URL described in Building the Enrollment URL.<auth>is the identifier of the authentication mode:kerberosfor Kerberos authentication, orusertokenfor user name and password authentication.<priority>is the server priority. If you omit this parameter, the value defaults to 1.
For example, when authenticating with a user name and password:
certutil -config "CEGMSCA" -enrollmentserverURL https://cegserver1.example.com:443/wstep/usertoken/services/tenant1/example-ca1 usernameFor example, when authenticating with Kerberos:
certutil -config "CEGMSCA" -enrollmentserverURL https://cegserver1.example.com:443/wstep/kerberos/services/tenant1/example-ca1 kerberosTo check the added URL, run certutil without arguments. For example:
PS C:\Windows\system32> certutilEntry 0: Name: "CEGMSCA" Organizational Unit: "" Organization: "" Locality: "" State: "" Country/region: "" Config: "cegmsca.example.com\CEGMSCA" Exchange Certificate: "" Signature Certificate: "" Description: "" Server: "cegmsca.example.com" Authority: "CEGMSCA" Sanitized Name: "CEGMSCA" Short Name: "CEGMSCA" Sanitized Short Name: "CEGMSCA" Flags: "1" Web Enrollment Servers:140https://cegserver1.example.com:443/wstep/usertoken/services/tenant1/example-ca10120https://cegserver1.example.com:443/wstep/kerberos/services/tenant1/example-ca10CertUtil: -dump command completed successfully.