Note that commands copy pasted from this page may need formatting metadata scrubbed and may contain unintended spaced.
Stop Duplicate Certificates from Being Generated
To stop the duplicate certificates from being generated, perform the following steps:
In the EJBCA Adm Web, click System Configuration > Custom Certificate Extensions.
In Object Identifier (OID), enter 220.127.116.11.4.1.311.21.7.
In Label, enter User Certificate Template Information and click Add.
Click Edit on the object previously added.
Select the Encoding to DEROBJECT.
Open PowerShell on the CS Host and run the following to get the Certificate Template OIDs:
Certutil -catemplates -v | select-string displayname,msPKI-Cert-Template-OID
Copy the portion of the user template OID string following "18.104.22.168.4.1.311.21.8.".
Paste the string in the Value field.
For example, for the following OID:
paste the following in the Value field:
Repeat these steps for the computer auto enrollment template, specifying Computer Certificate Template Information as the label, and obtaining the value from the computer template OID.
Enable Custom Extensions in Certificate Profile
To enable the Custom Extensions in the Certificate Profile, perform the following steps:
Click CA Functions > Certificate Profiles.
Clone from the ENDUSER Certificate Profile, giving it a name such as User_Certificate_Profile (or select the Certificate Profile already being used).
Edit the User_Certificate_Profile.
Key Usage: Digital Signature, Non-repudiation, and Key encipherment (if not already selected).
Extended Key Usage: Client Authentication, Email Protection, and MS Encrypted File System (EFS).
Used Custom Certificate Extensions: Certificate Template Information.
Available CAs: Issuing CA.