Next in the collection of design specifications is a Microsoft PKI with added client certificate auto enrollment settings.
A customer asked me if I could implement this and seeing as I’ve done a fair bit of Microsoft PKIs before, it didn’t seem like too much of a hassle. Of course I wanted it to be documented and shared with all of you.
All in all, it was a little less than 8 hours before client certificates started rolling out, without anyone noticing.
Microsoft PKI with client certificate auto enrollment design specification (located on Google drive)