There are three prerequisites for automatic certificate distribution

Requirements for automatic certificate distribution

For automatic certificate registration we need, in addition to the template:

  • the permission
  • a group policy
  • firewall ports

In order for a computer or a user to benefit from the automatic distribution, they first need the right to access the corresponding template.

Then the computer or the user must be informed that they are taking part in the process of automatic certificate registration (request and registration).

Activate automatic certificate management

Finally, the network must be prepared accordingly. A client needs port 135 (RPC endpoint mapper) and a high port in the range 49152-65535 to transmit the request and registration.

RPC endpoint mapper auto-enrollment

Auto-registration runs for a computer after a restart or every 8 hours, and for a user after login or unlocking.

Task CertificateServiceClient

If you want to force this, you can issue the following commands on the command line:

Certutil -pulse
Certutil -user -pulse
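
A client-side pre-flight check for the group policy and firewall prerequisites described above, ending with the forced pulse. This is an added example, not part of the original article. `$CaHost` and `$CaName` are placeholders, and the `AEPolicy` registry value with its flag bits is an assumption drawn from general Windows behaviour, not from this page.

```powershell
# Added example. Replace the two placeholders with your own CA.
$CaHost = 'ca01.example.internal'   # assumption: FQDN of the CA server
$CaName = 'Example-Issuing-CA'      # assumption: common name of the CA

# Group policy: read the autoenrollment policy that the GPO writes.
# Assumption: AEPolicy flag 0x8000 = disabled, 0x1 = update certificates
# that use certificate templates.
function Get-AutoEnrollmentPolicy {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $path  = "${Hive}:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
    $value = (Get-ItemProperty -Path $path -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
    [pscustomobject]@{
        Scope           = $Hive   # HKLM = computer, HKCU = user
        Configured      = $null -ne $value
        Disabled        = ($null -ne $value) -and [bool]($value -band 0x8000)
        UpdateTemplates = ($null -ne $value) -and [bool]($value -band 0x1)
    }
}
'HKLM', 'HKCU' | ForEach-Object { Get-AutoEnrollmentPolicy -Hive $_ } | Format-Table

# Firewall, part 1: the RPC endpoint mapper on TCP 135.
$rpcOpen = Test-NetConnection -ComputerName $CaHost -Port 135 -InformationLevel Quiet
"TCP 135 to ${CaHost} reachable: $rpcOpen"

# Firewall, part 2: the high port is assigned dynamically, so it cannot be
# probed by number. certutil -ping calls the CA's request interface over
# RPC/DCOM and therefore only succeeds if 135 and the high port both pass.
certutil -config "$CaHost\$CaName" -ping
"certutil -ping exit code: $LASTEXITCODE (0 = CA request interface reachable)"

# Scheduled tasks that run auto-registration: when did they last run?
Get-ScheduledTask -TaskPath '\Microsoft\Windows\CertificateServicesClient\' |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult |
    Format-Table

# Force a run for the computer and for the logged-on user.
certutil -pulse
certutil -user -pulse
```

Run it in an elevated session so the computer context can be read and pulsed. The permission on the template is not checked here and still has to be verified on the CA side.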


If you activate this option, manually requested certificates are removed from the certificate store, provided that they match the template for the automatic registration.

Update certificates that use certificate templates

