Disabling Challenge Password in Microsoft CA server

1. From your computer, launch the registry editor.



2. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP.



3. Set EnforcePassword to 0.



4. From IIS Manager, expand the CA, click Application Pools, and then select SCEP.



5. From the right panel, click Advanced Settings.



6. Set Load User Profile to True, and then click OK.



7. From the right panel, click Recycle to restart the SCEP application pool.



8. From IIS Manager, expand the CA, and then expand Sites > Default Web Site.



9. From the right panel, click Restart.

When opening the NDES from web browser, you can now only view the CA thumbprint.