# Certificate Templates

The `Certificate Templates` page lists the certificate templates enumerated across the entire Active Directory. The list contains the `Published`, `Allow Domain Authentication`, `Enrollee Supplies Subject`, `Require Manager Approval`, `Risk Score`, `Exposure Point` and `Issue Counts` columns.

<figure><img src="/files/7fcxDeDcoWEPBtDH7Ocb" alt=""><figcaption><p>Certificate Templates</p></figcaption></figure>

## Certificate Template Details

The Details page contains the `Risk Score` of the certificate template, the `Exposure Point`, and the `Information` and `Issues` panes.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="/files/r9MzP7ajXIWAf1a3S2mf" alt=""><figcaption><p>Certificate Template Details</p></figcaption></figure>

## Information

The `Information Pane` contains the `Details` and `Published By` tabs, in that order.

## Details

The Details tab contains the following attributes of the certificate template object.

| Attribute                                       | Description                                                                                                                                                                                                                                                                                                                                                         |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**                                        | Name of the specified object. (**Ldap Display Name**: name)                                                                                                                                                                                                                                                                                                         |
| **Display Name**                                | The display name for an object. (**LDAP Display Name**: displayName)                                                                                                                                                                                                                                                                                                |
| **Distinguished Name**                          | Active Directory distinguished name of the object. (**Ldap Display Name**                                                                                                                                                                                                                                                                                           |
| **Published**                                   | Whether the certificate template has been published by any certificate authority.                                                                                                                                                                                                                                                                                   |
| **Enrollee Supplies Subject**                   | Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to this certificate template has been allowed.                                                                                                                                                                                                                                    |
| **Allow Domain Authentication**                 | Whether certificate template contains any Extended Key Usage(EKU) that allows to auhenticate in the domain.                                                                                                                                                                                                                                                         |
| **Require Manager Approval**                    | Whether the certificate requests based on the template require manager approval to be issued.                                                                                                                                                                                                                                                                       |
| **Validity Period**                             | The period of time during which a certificate is intended to be valid.                                                                                                                                                                                                                                                                                              |
| **Renewal Period**                              | The period of time during which a certificate is intended to be renew.                                                                                                                                                                                                                                                                                              |
| **Schema Version**                              | The certificate template schema version.                                                                                                                                                                                                                                                                                                                            |
| **Authorized Signatures Required**              | The number of Authorized Signatures to issue a certificate.                                                                                                                                                                                                                                                                                                         |
| **Enrollment Flags**                            | Specifies the enrollment flags. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1))                                                                                                                                                                                                     |
| **Certificate Name Flags**                      | Specifies the subject name flags. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/1192823c-d839-4bc3-9b6b-fa8c53507ae1))                                                                                                                                                                                                   |
| **Extended Key Usages**                         | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed.                                                                                                                                                                                        |
| **Certificate Application Policies**            | Specifies certificate application policy extension. In GUI, this attribute can be controlled by setting "Application Policies" in "Extensions" tab. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/44012f2d-5ef3-440d-a61b-b30d3d978130))                                                                                 |
| **Registration Authority Application Policies** | Encapsulates embedded properties for multipurpose use. In GUI, this attribute can be controlled by checking `This number of authorized signatures` check box in `Issuance Requirements` tab and choosing `Application Policy` menu. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/3fe798de-6252-4350-aace-f418603ddeda)) |
| **Issuance Policies**                           | Contains the list of required policy OIDs from registration authorities who sign the enrollment request. ([Field Reference](https://learn.microsoft.com/en-us/windows/win32/adschema/a-mspki-ra-policies))                                                                                                                                                          |
| **Created Time**                                | The date when this object was created. (**LDAP Display Name**: whenCreated)                                                                                                                                                                                                                                                                                         |
| **Last Changed Time**                           | The date when this object was last changed. (**LDAP Display Name**: whenChanged)                                                                                                                                                                                                                                                                                    |
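
The sketch below is an added example, not FSProtect's code or scoring logic: it shows how the `Published`, `Enrollee Supplies Subject`, `Allow Domain Authentication` and `Require Manager Approval` values can be derived from a template's raw attributes when cross-checking the page against the directory. The flag bits come from the MS-CRTD field references linked in the table; the sample templates, the EKU shortlist, the handling of an empty EKU list and the `needs_review` rule are assumptions.

```python
# Added example with constructed data; not FSProtect's code or scoring logic.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # msPKI-Certificate-Name-Flag (MS-CRTD)
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002          # msPKI-Enrollment-Flag (MS-CRTD)
# Assumption: EKUs treated as usable for domain authentication.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "2.5.29.37.0",             # Any Purpose
}
# Constructed sample: attributes as read from pKICertificateTemplate objects.
SAMPLE_TEMPLATES = [
    {"name": "User", "msPKI-Certificate-Name-Flag": -1509949440,
     "msPKI-Enrollment-Flag": 41, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.2"]},
    {"name": "VPN-Legacy", "msPKI-Certificate-Name-Flag": 1,
     "msPKI-Enrollment-Flag": 0, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"]},
    {"name": "WebServer-Approved", "msPKI-Certificate-Name-Flag": 1,
     "msPKI-Enrollment-Flag": 2, "msPKI-RA-Signature": 0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"]},
]
# Constructed: names listed in the certificateTemplates attribute of an Enterprise CA.
PUBLISHED = {"User", "VPN-Legacy"}

def summarize(template, published=PUBLISHED):
    # LDAP returns flag attributes as signed 32-bit integers; normalise first.
    name_flags = int(template.get("msPKI-Certificate-Name-Flag", 0)) & 0xFFFFFFFF
    enroll_flags = int(template.get("msPKI-Enrollment-Flag", 0)) & 0xFFFFFFFF
    ekus = template.get("pKIExtendedKeyUsage", [])
    row = {
        "name": template["name"],
        "published": template["name"] in published,
        "enrollee_supplies_subject": bool(name_flags & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT),
        # Assumption: an empty EKU list restricts nothing, so it counts as allowing.
        "allow_domain_authentication": not ekus or any(o in AUTH_EKUS for o in ekus),
        "require_manager_approval": bool(enroll_flags & CT_FLAG_PEND_ALL_REQUESTS),
        "authorized_signatures": int(template.get("msPKI-RA-Signature", 0)),
    }
    # Hypothetical review rule: requester-chosen identity with no issuance gate.
    row["needs_review"] = (row["published"] and row["enrollee_supplies_subject"]
                           and row["allow_domain_authentication"]
                           and not row["require_manager_approval"]
                           and row["authorized_signatures"] == 0)
    return row

def templates_needing_review(templates=SAMPLE_TEMPLATES):
    return [r["name"] for r in map(summarize, templates) if r["needs_review"]]
```

Calling `templates_needing_review()` on the constructed sample returns only `VPN-Legacy`; the `User` entry shows why the signed flag value has to be masked before testing bits.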

## Published By

The Published By tab lists the certificate authorities that have published this certificate template. The list contains the `Root CA`, `Enterprise CA` and `Enrollee Supplies Subject` columns.

<figure><img src="/files/1E85VswGgXWROqXgyoNo" alt=""><figcaption><p>Published By</p></figcaption></figure>

## Issues

The Issues pane lists the issues identified on the certificate template object.

![Issues](/files/M7LE7v8qD0saAbDUG7Aj)


