Microsoft® enterprise certificate authorities (CAs) can be set up easily. The challenge comes with efficiently managing the complexity of the supporting PKI environment to ensure long-term certificate trust. Many use digital certificate templates to help manage certificate format and content and automate enrollment processes across a host of use cases. While the templates are powerful tools to ensure that the appropriate subscribers have access to the correct certificates through an authorized enrollment method, pitfalls exist related to template creation, configuration and management that can result in broken PKI trust and assurance.
Avoiding the Pitfalls of Digital Certificate Templates