Set Certificate Authority permissions
After you create the PIV - PIV Authentication certificate template, set the following permissions, which are required to issue certificates with Microsoft CA:
User permissions
- Read
- Enroll
To set the Certificate Authority permissions, follow these steps:
- On the Microsoft CA machine, go to Start > Windows Administrative Tools > Certification Authority.

- To set the user permissions, right-click Certificate Templates, and then select Manage. The Certificate Templates Console appears.

- In the templates list, double-click PIV - PIV Authentication. The PIV Authentication Properties dialog appears.
- Click the Security tab.
- In the Group or user names list, select the name of the administrator account for the Microsoft CA host computer.
- Under Permissions for <user account>, in the Allow column, ensure that Read and Enroll permissions are selected.
- Click OK to save the settings and close the window.
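
To confirm the result of these steps without reopening the dialog, the template's access control list can be read from Active Directory. The script below is an added example, not part of the original procedure or any vendor tooling. It assumes the RSAT ActiveDirectory module is installed, uses a placeholder account name (EXAMPLE\ca-admin), and checks only entries granted directly to that account, not rights inherited through group membership.

```powershell
# Added example: verify Read and Enroll on the certificate template ACL.
Import-Module ActiveDirectory

$TemplateDisplayName = 'PIV - PIV Authentication'  # display name used in the steps above
$Account             = 'EXAMPLE\ca-admin'          # placeholder: account selected on the Security tab

# "Enroll" in the Security tab is the Certificate-Enrollment extended right.
$EnrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$Rights     = [System.DirectoryServices.ActiveDirectoryRights]

# Certificate templates live in the forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$template = Get-ADObject -SearchBase $base `
    -LDAPFilter "(displayName=$TemplateDisplayName)" `
    -Properties nTSecurityDescriptor
if (-not $template) { throw "Template '$TemplateDisplayName' not found under $base" }

$allowAces = $template.nTSecurityDescriptor.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' }

# An ACE grants Enroll if it carries ExtendedRight for the Enroll GUID,
# or for the empty GUID (which means all extended rights).
$isEnroll = {
    param($ace)
    (([int]$ace.ActiveDirectoryRights -band [int]$Rights::ExtendedRight) -ne 0) -and
    ($ace.ObjectType -eq $EnrollGuid -or $ace.ObjectType -eq [guid]::Empty)
}
# "Read" in the Security tab corresponds to GenericRead on the template object.
$isRead = {
    param($ace)
    ([int]$ace.ActiveDirectoryRights -band [int]$Rights::GenericRead) -eq [int]$Rights::GenericRead
}

$mine = @($allowAces | Where-Object { $_.IdentityReference.Value -eq $Account })

[pscustomobject]@{
    Template  = $TemplateDisplayName
    Account   = $Account
    HasRead   = [bool]($mine | Where-Object { & $isRead $_ })
    HasEnroll = [bool]($mine | Where-Object { & $isEnroll $_ })
}

# Every identity that can enroll, so unexpected entries can be reviewed.
$allowAces | Where-Object { & $isEnroll $_ } |
    Select-Object -ExpandProperty IdentityReference -Unique
```

Both HasRead and HasEnroll should be True for the account selected in the Security tab. The final list shows every other identity that is allowed to enroll against this template.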