000023243 - Adding and enabling Microsoft Certificates Authority to issue smart card certificates for domain users.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023243
Applies ToRSA SID800
RSA Authentication Utility (RAU)
RSA Sign-on Manager (SOM)
Microsoft Windows 2000
Microsoft Windows 2003
Microsoft Windows XP
IssueAdding and enabling Microsoft Certificates Authority to issue smart card certificates for domain users.

 

 

Certificate templates, such as those necessary for the Microsoft CA to issue smart card certificates, are not available in default installation of the Microsoft CA.

Resolution

To make these certificate templates available in  Microsoft CA, update existing certificate templates

1.      Go to Start > Programs > Administrative Tools > Certification Authority and select the folder Certificate Templates to get an overview of all the current available certificate templates. To add certificate templates to the list of available templates right click on certificate templates, select templates to issue

  

2.      This will open the Enable Certificate Templates dialog:

 

To allow for your Microsoft CA to issue certificates for smart card logon onto the domain, you should select the following three certificate templates:

 

Enrollment Agent: a certificate intended for the entity that should be able to enroll certificates for other entities than itself.  For example, when the administrator wants to deploy smart card logon certificates for the employees in his organization, he would require an ?Enrollment Agent? certificate.

 

Smartcard Logon: Intended for smart card logon onto the domain

 

Smartcard User: an all-round certificate, intended for both smartcard login and for example signing and encrypting email messages and web authentication.

 

 

     Select all certificates templates as mentioned  and press OK to continue.

 

     All the necessary certificate templates will now be included in the list, enabling the

     personalization of a smart card with a smart card logon / user certificate:

 

     Close the Certificate Authority window to complete the operation

 

 

 

Legacy Article IDa32954

Attachments

    Outcomes