Request a personal certificate on Windows automatically

windows certificate-authority

Solution 1:

This feature is called Certificate Autoenrollment: Configure Certificate Autoenrollment

just to note: do not use web enrollment, it is way outdated and have very and very limited functionality.

Edit: Here is how autoenrollment works.

  1. Each time group policies are refreshed on clients (on domain members it is about each 90min +/-, on domain controllers it is 15 or 5 minutes, depending on functional level) it triggers the autoenrollment.
  2. Autoenrollment checks all certificate templates from Active Directory and selects ones where current user account (or group) have Read and Autoenroll permissions.
  3. Autoenrollment locates available Enterprise CAs in an Active Directory forest and checks whether the CA supports certificate templates selected in step 2.
  4. Autoenrollment examines local certificate store and checks whether there are valid certificates based on templates selected in step 3. If there is missing certificate, autoenrollment performs silent certificate enrollment.

Although, the logic is more complex, this information is enough to you to understand how templates are selected, in other words, through permissions and certificate template availability at CA server.

Related

Cannot submit certificate requests to root CA
How is a data/file stored in a RAID-5
554 Bad PTR Record but Record exists and is correct
Add SPF record for multiple systems in different servers
PortForwarding eth0 to ppp0
how can we edit ssh keys of VM In GCP Please guide
Hosting docker images on multiple registries but reference them the same way e.g. in a k8s deployment
Ansible playbook starting with large forked host list, but spawning serial tasks for smaller subsets of hosts
Will a standard NAT-router firewall stop outgoing traffic?
Open FTP passive port on GCP for CentOS
Viewing IIS Web Configuration via PowerShell: HTTP Verbs
Postfix relay with STARTTLS - TLS is required, but was not offered by host