|Applies To||RSA SID800|
RSA Authentication Utility (RAU)
RSA Sign-on Manager (SOM)
Microsoft Windows 2000
Microsoft Windows 2003
Microsoft Windows XP
|Issue||Adding and enabling Microsoft Certificates Authority to issue smart card certificates for domain users.|
Certificate templates, such as those necessary for the Microsoft CA to issue smart card certificates, are not available in default installation of the Microsoft CA.
To make these certificate templates available in Microsoft CA, update existing certificate templates
1. Go to Start > Programs > Administrative Tools > Certification Authority and select the folder Certificate Templates to get an overview of all the current available certificate templates. To add certificate templates to the list of available templates right click on certificate templates, select templates to issue
2. This will open the Enable Certificate Templates dialog:
To allow for your Microsoft CA to issue certificates for smart card logon onto the domain, you should select the following three certificate templates:
Enrollment Agent: a certificate intended for the entity that should be able to enroll certificates for other entities than itself. For example, when the administrator wants to deploy smart card logon certificates for the employees in his organization, he would require an ?Enrollment Agent? certificate.
Smartcard Logon: Intended for smart card logon onto the domain
Smartcard User: an all-round certificate, intended for both smartcard login and for example signing and encrypting email messages and web authentication.
Select all certificates templates as mentioned and press OK to continue.
All the necessary certificate templates will now be included in the list, enabling the
personalization of a smart card with a smart card logon / user certificate:
Close the Certificate Authority window to complete the operation
|Legacy Article ID||a32954|