Create the BopsRA Template

Creating and Issuing the BopsRA Certificate Template

1. Open Certificate Template Management

1. On the Certificate Authority (CA) server, open Server Manager.

2. Click Tools → Certification Authority.

3. In the CA console, right-click Certificate Templates and select Manage.

   • The full list of certificate templates will appear.

2. Duplicate the Enrollment Agent (Computer) Template

1. Locate Enrollment Agent (Computer) in the template list.

2. Right-click it and select Duplicate Template.

3. Configure the New Template

Set the template parameters to match the following screenshots:

• General

• Compatibility

• Request Handling
  

  

• Cryptography
  

  

• Key Attestation
  

  

• Superseded Templates
  

  

   

• Extensions
  

  

   

• Permissions for RA server
  

  

   

• Server
  

  

   

• Subject Name
  

  

   

• Issuance Requirements
  

  

After adjusting all settings, click Apply and close the Certificate Templates Console.

4. Issue the New Template

1. In the CA console, right-click Certificate Templates → New → Certificate Template to Issue.

2. From the list, select BopsRA.

3. Click OK.

5. Request the BopsRA Certificate on the RA/EP Server

1. On the RA or EP server, open the Start menu and type mmc, then press Enter to launch the Microsoft Management Console.

2. From the File menu, choose Add/Remove Snap-in.

3. Select Certificates and click Add.

4. Choose Computer account, then click Finish.

5. Navigate to:
   Certificates (Local Computer) → Personal → Certificates

6. In the middle pane, right-click and choose:
   All Tasks → Request New Certificate

7. Follow the wizard to enroll for a BopsRA certificate.