To work with Certificate Enrollment Gateway, Windows domain endpoints need the Certificate Enrollment Policy Web Service URL. Complete the following procedure to add the Certificate Enrollment Policy Web Service URL for Windows domain endpoints.
To configure the Certificate Enrollment Policy Web Service for Windows domain endpoints:
- Log in to the server hosting Active Directory.
- Open the Group Policy Management administrative tool. Select Start > Windows Administrative Tools > Group Policy Management. The Group Policy Management dialog box appears.
- In the tree view, expand the Domain Controller you will modify.
- Right-click Default Domain Policy > Edit. The Group Policy Management Editor dialog box appears.
- In the tree view, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
- In the content pane, right-click Certificate Services Client - Certificate Enrollment Policy > Properties. The Certificate Services Client - Certificate Enrollment Policy Properties dialog box appears.
- In the Configuration Model drop-down list, select Enabled.
- If you are not installing WSTEP along with an existing Microsoft CA, select Active Directory Enrollment in the Certificate enrollment policy list pane, and then click Remove.
- Click Add. The Certificate Enrollment Policy Server dialog box appears.
- In the Enter enrollment policy server URI field, enter the Certificate Enrollment Policy Web Service URL that you obtained earlier.
- In the Authentication type drop-down list, select the same authentication mode that you configured earlier in Selecting the authentication mode of the CEP Web Service using the Windows graphical interface.
- Click Validate Server. If the selected authentication type is Username/password, you will be prompted for the username and password of the user logged in to the computer.
- Click Add. The Certificate enrollment policy list pane should display the friendly name of the Certificate Enrollment Policy Web Service that you specified earlier in Assigning a friendly name to the CEP Web Service using the Windows graphical interface.
- In the Certificate enrollment policy list pane, select the checkbox for the Certificate Enrollment Policy Web Service you just added to make it the default Certificate Enrollment Policy.
- Click OK.
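
To confirm that the setting reached a domain endpoint, the following read-only check can be run on the endpoint after Group Policy has refreshed. It is an added example, not part of the original procedure or the product's tooling; it assumes the registry location and `AuthFlags` values that Windows uses for enrollment policy servers delivered by Group Policy, and the URL shown is a placeholder.

```powershell
# Added example: read-only check, run on a domain endpoint after "gpupdate /force".
param(
    # Placeholder: the CEP Web Service URL entered in the Group Policy setting.
    [string]$ExpectedUrl  = 'https://cep.example.test/PLACEHOLDER',
    # Authentication type selected in the Group Policy setting.
    [ValidateSet('Anonymous', 'Windows integrated', 'Username/password', 'X.509 Certificate')]
    [string]$ExpectedAuth = 'Windows integrated'
)

# Assumption: machine-scope enrollment policy servers set by Group Policy are stored here.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\PolicyServers'
# AuthFlags values (X509EnrollmentAuthFlags) mapped to the names shown in the dialog box.
$authNames = @{ 1 = 'Anonymous'; 2 = 'Windows integrated'; 4 = 'Username/password'; 8 = 'X.509 Certificate' }

if (-not (Test-Path $root)) {
    Write-Warning "No Group Policy enrollment policy found under $root."
    exit 1
}

# One subkey per configured enrollment policy server.
$servers = @(Get-ChildItem -Path $root | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        FriendlyName = $p.FriendlyName
        Url          = $p.URL
        Auth         = $authNames[[int]$p.AuthFlags]
    }
})
$servers | Format-Table -AutoSize

# -eq on strings is case-insensitive, which suits URL host comparison here.
$match    = $servers | Where-Object { $_.Url -eq $ExpectedUrl } | Select-Object -First 1
$problems = @()
if (-not $match) {
    $problems += "Expected policy URL is not configured: $ExpectedUrl"
} else {
    if (([uri]$match.Url).Scheme -ne 'https') {
        $problems += "Policy URL does not use HTTPS: $($match.Url)"
    }
    if ($match.Auth -ne $ExpectedAuth) {
        $problems += "Authentication type is '$($match.Auth)', expected '$ExpectedAuth'."
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Enrollment policy '$($match.FriendlyName)' is configured as expected."
```

An entry other than the expected URL in the table output (for example the Active Directory enrollment policy) indicates that the Remove step was skipped or that another GPO also sets this policy.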