What are steps to use Microsoft CA with a SID800?
Originally Published: 2010-04-30
Article Number
Applies To
RSA SID800
RSA SecurID SID800 Authenticator (USB token)
Microsoft CA
Microsoft Internet Explorer
Issue
Resolution
Here are the steps:
Log onto the 2008 server as administrator.
Enroll for an "Enrollment Agent" cert.
User launches IE browser and accesses MS CA.
Select Request a Certificate > Advanced Certificate Request > Create and Submit a Request to this CA.
For Certificate Template select "Enrollment Agent".
For CSP select Microsoft Enhanced Cryptographic Provider.
Select "Install this certificate". This will store the cert in your Personal browser store.
Verify by going to Internet Options/Content/Certificates/Personal.
Highlight certificate. It should say "Certificate Request Agent".
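A scripted form of the verification step above, added here as an example and not part of the original article: it lists certificates in the current user's Personal store that carry the Certificate Request Agent EKU (OID 1.3.6.1.4.1.311.20.2.1) and reports whether each has a private key and is still valid. The function name Get-EnrollmentAgentCert is hypothetical.

```powershell
# Added example (not from the original article).
# Finds Enrollment Agent certificates in the current user's Personal store
# by looking for the Certificate Request Agent EKU.
$agentOid = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent

function Get-EnrollmentAgentCert {   # hypothetical helper name
    param([string]$StorePath = 'Cert:\CurrentUser\My')   # "Personal" store

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Collect EKU OIDs from the Enhanced Key Usage extension, if present.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        if ($ekuOids -contains $agentOid) {
            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                Expired       = ($cert.NotAfter -lt (Get-Date))
                # Must be True for the certificate to sign
                # enroll-on-behalf-of requests.
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

$found = @(Get-EnrollmentAgentCert)
if ($found.Count -eq 0) {
    Write-Warning 'No certificate with the Certificate Request Agent EKU in the Personal store.'
} else {
    $found | Format-List Subject, Issuer, Thumbprint, NotAfter, Expired, HasPrivateKey
}
```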
Next, log onto the 2008 server as administrator and enroll for a cert for another user.
Launch mmc.
"Add/Remove Snap-ins" dialog appears.
Insert SID800 into the USB port on the 2008 server. (It doesn't need smart card until it tries to write the private key so you don't need to insert it here.)
Select File/Add/Remove Snap-in.
Select "Certificates", click on Add button to add it to the right side.
Certificate Snap-in dialog appears. Accept default setting of "My User Account" and click on Finish button. Click on OK on "Add/Remove Snap-ins" dialog.
Console1 dialog appears.
Expand Certificates - Current User, highlight Personal.
Select Action > All Tasks > Advanced Operations > "Enroll on behalf of".
Certificate Enrollment dialog appears. Click on Next button.
Select Certificate Enrollment Policy dialog appears.
Highlight "Active Directory Enrollment Policy" and click on Next button.
Select Enrollment Agent Certificate dialog appears. Click browse.
Select a certificate dialog appears.
Highlight the Enrollment Agent Certificate you just created and click OK, then click Next button.
Active Directory Enrollment Policy displays.
Select "Smart Card User" and click on "Details"
Request Certificate Details dialog appears
Under Private Key tab, click on "Cryptographic Service Provider" icon
Select "Microsoft Smart Card Cryptographic Service Provider" and click OK.
Click on Next button
Select a User dialog appears.
Select the user that you are requesting the certificate for by clicking on the Browse button.
Select User dialog appears.
Enter the name of the user as it appears in Active Directory and click on OK.
Select a User dialog re-appears with the user name filled in.
Click on Enroll.
Receive message to please insert smart card or, if already inserted, please re-insert it.
Remove and re-insert SID800.
Enter PIN dialog appears
Enter the PIN and click OK.
Click on Close on Certificate Snap-in dialog
Close Console1, no Save necessary.
Verify by performing a cert logon as the other user.