Enabling WSTEP for users

Configure the WSTEP to enable WSTEP for users.

To enable WSTEP for users:

1. In the navigation tree of the new WSTEP Group Policy Object, expand User Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.

2. In the content pane, right-click Certificate Services Client - Certificate Enrollment Policy and select Properties to display the Certificate Services Client - Certificate Enrollment Policy Properties dialog box.

   

3. Select Enabled in the Configuration Model drop-down list.

   ---

   ⚠ If you are not installing WSTEP alongside an existing Microsoft CA WSTEP, select Active Directory Enrollment in the Certificate enrollment policy list pane, and click Remove.

   ---

4. Click Add to display the Certificate Enrollment Policy Server dialog box.

   

5. In the Enter enrollment policy server URI field, enter the WSTEP URI you obtained when either:

   • Adding Active Directory nodes
   • Getting the enrollment URL

6. In the Authentication type drop-down list, select the same “Windows Integrated” option (should be selected by default).

7. Click Validate Server and check the URI validation results.

   

8. Click Add to add the new WSTEP service to the Certificate enrollment policy list pane.

   

9. In the Certificate enrollment policy list pane, check the box of the new Entrust PKIaaS XCEP certificate enrollment policy to make it the default one.

10. Click OK.