We have our own CA certificate server. I am implementing certificates for our remote users for VPN. I am in a pilot phase where I can apply a user certificate from the CA on the notebook PC. The issue is that I have 300 notebooks and do not want to have to contact each user to request a user certificate and then second, the certificate would expire in a few years stopping people from getting on the VPN until we get them to renew the certificate.
Can you create a user group policy where it deploys a unique certifiate for each user and when it is close to expire it would renew automatically?