IDEE
Guide to Setup User Certificates and Auto-Deployment

GPO for Auto Deployment

  1. In Server Manager, click on Tools > Group Policy Management, right-click on your domain and click add a new GPO, and give it an appropriate name.

  2. Right-click on the newly created GPO and select Edit.

  3. Go to User configuration > Policies > Windows Settings > Security Settings > Public Key Policy > Certificate Services Client - Auto Enrollment and Computer configuration > Policies > Windows Settings > Security Settings > Public Key Policy > Certificate Services Client - Autor Enrollment.

  4. Turn Configuration Model to Enable, select the options to Renew expired certificates, update pending certificates and remove revoked certificates, and Update certificates that use certificate templates.