Hello, and thanks in advance for the help.
I've got a freshly built Windows 2012 Datacenter CA, happily serving certificates out to the forest.
However, it keeps issuing 1024-bit WebServer certificates to initial WebServer requests (from IIS on Win2K12 using Request Domain Certificate..., which is a requirement in our environment). If I immediately renew the certificate, it'll issue a 2048-bit certificate. Why does the CA issue a 1024-bit certificate the first time, then a 2048-bit certificate on the renewal? How do I ensure the CA issues 2048-bit certificates the FIRST time? Or how do I prevent the CA from issuing 1024-bit certificates?
I'd love to be able to set the minimum for the WebServer template, but that doesn't seem to be an option.
I've created a custom template "WebServer - XXXX", but unfortunately IIS looks for the "WebServer" template so the request fails.
I'm stumped here. I just want to ensure that my CA will only issue 2048-bit+ WebServer certificates when IIS requests these certs.