In the Windows Domain, enable the certificate auto-enrollment for users.
To enable the certificate auto-enrollment for users
- Log in to the server hosting Active Directory.
- Open the Group Policy Management administrative tool. Select Start > Windows Administrative Tools > Group Policy Management.
The Group Policy Management dialog box appears.
- In the tree view, expand the Domain Controller you will modify.
- Right-click Default Domain Policy > Edit. The Group Policy Management Editor dialog box appears.
- Expand User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
- In the content pane, right-click Certificate Services Client Auto Enrollment > Properties.
The Certificate Services Client Auto Enrollment Properties dialog box appears.
- In the Configuration Model drop-down list, select Enabled.
- Select Renew expired certificates, update pending certificates, and remove revoked certificates.
- Select Update certificates that use certificate templates.
- Click OK.