In IIS, there is an option to "Create Domain Certificate." This works great except for one problem. The template that this process uses is the "Web Server" template in the CA which has a key with only 1024 bits. I have duplicated this template and then changed the minimum key length to 2048.
I have an Enterprise CA running on Windows Server 2008 R2.
Is it possible to have all the IIS servers in my domain use the new template when going through the "Create Domain Certificate" wizard?
IIS's wizard will always use the Web Server template. You can't use the wizard if you want to create a certificate against a different template.
Annoying, huh?
Here the TechNet guys sound rather proud of the fact that the IIS GUI doesn't recognize custom templates.
Take a look at this page. It describes how to generate an offline request where you can choose the template. Pay attention in step 6 to click details and properties to specify the friendly name if people will use a DNS alias to access the site. This is, however, an offline request, and it still requires you to use some CLI to submit the request.
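The offline-request route described in the answer above can be scripted with certreq. This is an added example, not part of the original posts; the template name, host name and CA config string are placeholders, and it ends by checking that the issued certificate really has a key of at least 2048 bits.

```powershell
# Added example: request a certificate against a custom template with certreq.
# Run in an elevated prompt on the IIS server. All three values are placeholders.
$Template = 'WebServer2048'               # hypothetical template name (not display name)
$Fqdn     = 'www.example.test'            # constructed host name
$CaConfig = 'CA-HOST\Example-Issuing-CA'  # placeholder "CAHostName\CAName"
$MinBits  = 2048

$Work = Join-Path $env:TEMP 'iis-cert-request'
New-Item -ItemType Directory -Path $Work -Force | Out-Null
Remove-Item "$Work\*" -ErrorAction SilentlyContinue   # avoid overwrite prompts

# Request policy file: key length and template are set here, not by the IIS wizard.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = $MinBits
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
FriendlyName = "$Fqdn"

[RequestAttributes]
CertificateTemplate = $Template
"@
Set-Content -Path "$Work\request.inf" -Value $inf -Encoding ASCII

# Generate the key pair and request, submit to the Enterprise CA, install the result.
certreq -new "$Work\request.inf" "$Work\request.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }
certreq -submit -config $CaConfig "$Work\request.req" "$Work\issued.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed (denied or pending?)' }
certreq -accept "$Work\issued.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Confirm the issued certificate meets the minimum key length before binding it in IIS.
$issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "$Work\issued.cer"
$bits = $issued.PublicKey.Key.KeySize
if ($bits -lt $MinBits) { throw "Issued key is only $bits bits" }
"Issued $($issued.Subject), $bits-bit key, thumbprint $($issued.Thumbprint)"
```

After it completes, the certificate is in the computer's Personal store and can be selected in the site's HTTPS binding.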