2008 R2 Standard domain. the CA *was* upgraded from 2003.
1. if i create a new certificate template at the 2008 Enterprise CA level, it does not appear on the web enrollment site. only templates created at the 2003 Enterprise level appear there. the same 2008 Enterprise templates DO appear in the "request new certificate" wizard of the certificates mms snap-in, and certificates issued from those templates work fine. is that expected? is there some trick to getting the templates visible in the web page? i read somewhere that it required ssl on the website, but i set up ssl and they still don't appear.
2. if i create a new template and make the validity period 10 years, certificates issued from that template are still only valid for two years. my root ca cert doesn't expire until 2023.