I posted this ages ago - Edit the IPSec (offline request) Certificate Template for MSCEP?
The thread has been closed but I managed to get this working and have replaced the IPSECIntermediateOffline Version 1 certificate template with a Version 2 one. Its simple once you know how... But it probably isn't supported by MS.
Andy
The thread has been closed but I managed to get this working and have replaced the IPSECIntermediateOffline Version 1 certificate template with a Version 2 one. Its simple once you know how... But it probably isn't supported by MS.
Code:
How to replace the 'IPSec (Offline request)' (IPSECIntermediateOffline) Certificate on Windows 2003 Enterprise CA Server.
1. Ensure Certificate Services is installed and running
2. Ensure MSCEP is installed and running
3. Install the support tools so you have ADSIEdit available
4. From the Certificate Template MMC create a duplicate of the 'IPSec (Offline request)' certificate - give it any name
5. Open ADSIEdit and navigate to
Configuration, 'CN=Configuration,DC=xxxx,DC=xxxx,DC=xxx'
CN=Services
CN=Public Key Services
CN=Certificate Templates
Right-click 'CN=IPSECIntermediateOffline' and select 'delete'
6. Go back to the Certificate Template MMC and refresh the display - the IPSec (Offline request) should have gone
7. Right-click the copy of the 'IPSec (Offline request)' certificate you created at step 4 and select 'Duplicate Template'
8. Change the Template Display name to 'IPSec (Offline request)' and change the Template name to 'IPSECIntermediateOffline'
9. The certificate is now a version 2 template and can be editedAndy
