Requirements for automatic certificate distribution
3 things for automatic registration
For automatic certificate registration, we need three things in addition to the template:
- the permission
- a group policy
- firewall ports
In order for a computer or a user to benefit from the automatic distribution, they first need the right to access the corresponding template.
Then a group policy must tell the computer or the user that they are taking part in the process of automatic certificate registration (request and registration).
Finally, the network must be prepared accordingly. A client needs port 135 (RPC endpoint mapper) and a high port in the range 49152-65535 to transmit the request and registration.
Auto-registration occurs for a computer after a restart or every 8 hours, and for a user after login or unlocking.
If you want to force it, you can run the following command from the command line:
certutil -user -pulse
If you activate this option, manually requested certificates are removed from the certificate store, provided that they match the template for the automatic registration.
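The group policy and firewall prerequisites can be checked from a client before forcing the registration. The following PowerShell script is an added example, not part of the original page; the CA host name and CA name are placeholders, and the template permission itself is not checked here.

```powershell
# Added example: client-side check of the autoenrollment prerequisites.
$CaHost   = 'ca01.example.internal'        # placeholder (assumption): CA server
$CaConfig = "$CaHost\Example Issuing CA"   # placeholder (assumption): "host\CA name"

# 1. Group policy: the autoenrollment setting is stored in the AEPolicy value,
#    under HKLM for the computer and under HKCU for the user.
foreach ($hive in 'HKLM', 'HKCU') {
    $key    = "${hive}:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
    $policy = (Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
    if ($null -eq $policy) {
        Write-Warning "${hive}: no autoenrollment policy applied"
    } elseif ($policy -band 0x8000) {
        Write-Warning "${hive}: autoenrollment is explicitly disabled"
    } else {
        Write-Output ("{0}: autoenrollment policy present (AEPolicy = 0x{1:X})" -f $hive, $policy)
    }
}

# 2. Firewall: port 135 (RPC endpoint mapper) must be reachable on the CA.
$rpc = Test-NetConnection -ComputerName $CaHost -Port 135 -WarningAction SilentlyContinue
if (-not $rpc.TcpTestSucceeded) {
    Write-Warning "TCP 135 on $CaHost is not reachable"
}

# certutil -ping contacts the CA request interface over RPC, so it fails
# when the high port range 49152-65535 is blocked even though 135 is open.
certutil -config $CaConfig -ping
if ($LASTEXITCODE -ne 0) {
    Write-Warning "CA request interface did not answer (check the high port range)"
}

# 3. Force the registration instead of waiting for the next cycle.
certutil -user -pulse    # user context
certutil -pulse          # computer context, run from an elevated prompt

# 4. The pulse runs in the background; list the user's certificates afterwards
#    and look for a fresh entry with a recent NotBefore date.
Start-Sleep -Seconds 30
Get-ChildItem Cert:\CurrentUser\My |
    Sort-Object NotBefore -Descending |
    Select-Object Subject, NotBefore, NotAfter, Thumbprint
```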