In order for domain clients to automatically enroll for and receive client authentication certificates (necessary for Internet-based client management), you need to enable certificate auto-enrollment on client machines using Group Policy.
1. The necessary setting can be found under:
Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client – Auto-Enrollment
2. On the Certificate Services Client – Auto-Enrollment properties dialog:
3. Once the computer restarts, you can check the Local Computer certificate store for the presence of the new certificate under Certificates (Local Computer) > Personal > Certificates. If the computer obtained a valid certificate, you should verify that it was issued to the machine by either UIC Issuing CA 1 or UIC Issuing CA2 using the template ACCC Workstation Template.
July 27, 2015