Automatic Certificate Requests Using SCEP

Unanswered Question
Jul 6th, 2010
User Badges:


I am using the Cisco ASA 5540 (8.2(1)11) and MS Enterprise Server 2k3 certificate service. I’ve configured Cisco AnyConnect XML profile to auto enroll for certificate. It's working great but it's using the IPSEC (Offline Request) template and its intended purpose is IP security IKE intermediate. Is it possible to use my own custom template? If yes, where do I configure it?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Marcin Latosiewicz Tue, 07/06/2010 - 07:45
User Badges:
  • Cisco Employee,


If I remember correctly, and I'm not dealing with MS CA daily, the certificate templates are something that only exists on MS CA (ie it's the server that generates certificate using particular template, the information is not in CSR)

Hopefully someone here will know, but I'd suggest to lauch a parallel thread on MS forums.


Todd Starling Thu, 11/11/2010 - 20:38
User Badges:

Unfortunately the Windows 2003 SCEP server is limited to the IPSEC Offline certificate template. In order to get

custom templates you must use the Windows 2008 NDES server. In that version you can have unique templates for

Encryption, Signing, and General Purpose.


This Discussion