Type
Certificate Template Name
|
|
Description
|
| User |
|
|
| |
UCB.User |
Client Authentication
Secure E-mail
|
The User certificate is used for smart card logon,
VPN authentication, and signing e-mail. |
| UCB.User.EFS |
Encryption |
The smart card user certificate is used for smart card logon,
VPN authentication, and signing e-mail. |
| UCB.User.Encrypted E-mail |
Encryption |
The encrypted e-mail certificate is published in the directory.
When an encrypted e-mail is sent, the sender encrypts the message
with the recipient's certificate. As a public institution with data
retention requirements, this certificate requires a recovery key.
The recovery key can be used by administrators, in accordance with
campus policy, to decrypt the encrypted files. |
| UCB.User.Smartcard Logon |
Client Authentication
Smartcard Logon |
The smart card user certificate is used for smart card logon and
VPN authentication. |
| UCB.User.Smartcard Users |
Client Authentication
Smartcard Logon
Secure E-mail |
The smart card user certificate is used for smart card logon,
VPN authentication, and signing e-mail. |
| Machine |
|
|
| |
CA Exchange
|
Encryption |
This template is used by the certificate authorities
to exchange information. |
| Computer |
Client Authentication
IPSec |
The computer certificate is used by machines for
computer to computer authentication, computer VPN authentication,
and IPsec communication between machines. This template is used
by Windows 2000 machines using autoenrollment. |
| Domain Controller |
Client Authentication
IPSec
Server Authentication |
The domain controller certificate is used for domain
controller to computer authentication, VPN authentication, and IPsec
communication between machines. This template is used by Windows
2000 Domain Controllers using autoenrollment. |
| Domain Controller Authentication |
Client Authentication
IPSec
Server Authentication |
The domain controller certificate is used for domain controller
to computer authentication, VPN authentication, and IPsec communication
between machines. This template is used by Windows 2003 Domain
Controllers using autoenrollment.
|
| IPSEC |
IPSec |
The IPSEC certificate is used by Windows 2000/XP/2003/Vista machines
for IPsec communication between machines. This template is used
by machines using autoenrollment. |
UCB.Machine.CEP Encryption
Requires CA manager approval |
Client Authentication
Server Authentication |
The CEP encryption certificate is used by network
devices for VPN and firewall communication encryption. |
| UCB.Machine.Computer Authentication |
Client Authentication
IPSec |
The computer certificate is used for computer to
computer authentication, computer VPN authentication, and IPsec
communication between machines. |
UCB.Machine.Computer.Authentication (Manual
request)
Requires CA manager approval |
Client Authentication
IPSec |
The computer certificate is used for computer to
computer authentication, computer VPN authentication, and IPsec
communication between machines. The template allows the requester
to enter the DNS hostname and wait for CA manager approval. |
UCB.Machine.Computer.Authentication (Web request)
Requires CA manager approval |
Client Authentication
IPSec |
The computer certificate is used for computer to
computer authentication, computer VPN authentication, and IPsec
communication between machines. The template submits a request based
on the DNS hostname of the machine used to submit the request. |
|
UCB.Machine.RAS and IAS Server
Requires CA manager approval
|
Client Authentication
IPSec
Server Authentication |
The RAS and IAS server certificate is used by the
Microsoft Remote Access Server for VPN connections. |
|
UCB.Machine.Web Server
Requires CA manager approval
|
Server Authentication
IPSec |
The SSL certificate authenticates a server to a connecting
client. SSL certificates are used for encrypting web, e-mail, and
VPN traffic. The template submits a request based on the DNS hostname
of the machine used to submit the request. |
UCB.Machine.Web Server (Manual request)
Requires CA manager approval |
Server Authentication
IPSec |
The SSL certificate authenticates a server to a connecting
client. SSL certificates are used for encrypting web, e-mail, and
VPN traffic. The template submits a request based on the DNS hostname
of the machine used to submit the request. |
| Administrative |
|
|
| |
UCB.Administrative.Code Signing
Requires CA manager approval |
Signing |
The code signing certificate is used to sign published
code for the verification of code source and integrity. |
UCB.Administrative.EFS Recovery Agent
Requires CA manager approval |
Key Recovery |
The encryption key recovery certificate is used to
recover an EFS certificate's private key. The key recovery is done
to recover encrypted data when the users private key is lost. As
a public institution with data retention requirements, some encrypted
data must be recoverable, check campus policies for more information.
|
UCB.Administrative.Enrollment Agent
Requires CA manager approval |
Client Authentication
Signing |
The smartcard enrollment agent certificate allows
an administrator to request a smart card certificate on behalf of
another user. Administrators preparing smartcards for other users
need this certificate. |
UCB.Administrative.Enrollment Agent (Computer)
Requires CA manager approval |
Client Authentication
Signing |
The smartcard enrollment agent certificate allows
an administrator to request a smart card certificate on behalf of
another user. Administrators preparing smartcards for other users
need this certificate. |
UCB.Administrative.Key Recovery Agent
Requires CA manager approval |
Key Recovery |
The encryption key recovery certificate is used to
recover a certificate's private key. The key recovery is done to
recover encrypted data when the users private key is lost. As a
public institution with data retention requirements, some encrypted
data must be recoverable, check campus policies for more information.
|
