hello,
can I disable automatic renewal just for a single certificate template? I thing it is not possible.
I have the certificate autoenrollment technology enabled so that it automatically renews all expiring certificate templates. According to documentation, it does so at either 80% of the current certificate lifetime or sooner if specified on its certificate template. What I see, autoenrollment renews all expiring certificates based on any kind of template that allow for Enroll. It does not matter if the template does not allow for Autoenroll. Autoenroll permission affects only the initial certificate enrollment if there is not yet any such certificate. Even if I disable the Autoenroll permission on a template, the autoenrollment process still renews the expiring certificates as long as it has at least the Enroll permission.
Am I correct? It actually works like this, but I would like to be sure if it is the correct behavior.
So then - how do I prevent the autoenrollment process from renewing certificates based on one of the certificate templates only. I do not mind the behavior in case of other certificate templates, but we have a single certificate template which should explicitly prevent automatic renewal.
ondrej.