Setting up a default certificate template on the NDES server

Follow these steps to set up a default certificate template on the NDES server.

About this task

Use the registry editor on the NDES server to specify a default template that the registration authority (NDES service) uses to request certificates for mobile devices. Use the certificate template that you created in the topics Configuring the certificate template on the SCEP server and Enabling a new certificate template on the CA as the default template on the NDES server.


  1. Log in to the NDES service with administrative credentials.
  2. Open the registry editor by using Start > Run > Regedit.exe.
  3. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP.
  4. Change the values of the following registry keys to the name of the template:
    • EncryptionTemplate
    • GeneralPurposeTemplate
    • SignatureTemplate
    You must set these registry keys with the value from the Template Namefield, not the Template Display Name field. The value in the Template Name field does not contain spaces.
    Template Name registry entry
  5. Restart IIS.
    For more information, see Restarting IIS on the NDES server.

What to do next

Increasing the password cache limit on the NDES server