The Entrust WSTEP Service is a component of Certificate Enrollment Gateway. The Entrust WSTEP Service is Certificate Enrollment Gateway’s implementation of the WSTEP protocol.

The Entrust WSTEP Service will use Windows certificate templates when enrolling users, computers, or domain controllers with your Windows-native endpoints. Create as many new certificate templates as you require. For example, users may require certificates with two key pairs (such as Encryption and Verification) or one key pair (such as Signature or Encryption).

To create a Windows certificate template for WSTEP

1. Log into Active Directory as a member of the Domain Admins group.
2. Run mmc.exe (Select Start > Windows System > Run, then enter mmc.exe).
   The Microsoft Management Console appears. 
   
3. Select File > Add/Remove Snap-in.
   The Add or Remove Snap-ins dialog box appears.
   
4. In the Available snap-ins list, select Certificate Templates.
5. Click Add.
6. In the tree view, select the Certificate Templates snap-in.
7. Select the certificate you want to duplicate for the enrollment service. Supported templates:
   • Computer
   • Domain Controller
   • Kerberos Authentication
   • User
   • User Signature Only
8. Duplicate the template by selecting Action > Duplicate Template. A Properties of New Template dialog box appears. 
   

9. Under each tab, configure template options as described in the following sections. 

   Start configuring the template options from the Compatibility tab. Otherwise, the Provider Category option in the Cryptography tab will be locked to Legacy Cryptographic Service Provider.

   • Compatibility tab
   • General tab
   • Security tab
   • Request Handling tab
   • Cryptography tab
   • Key Attestation tab
   • Subject Name tab
   • Issuance Requirements tab
   • Extensions tab