1. Install the middleware in Vista
2. Re-sign the Admin CA cert so that it has basic constraints
a. Sign from another CA that allows Basic PKIX-Compliant CA profile:
i. Ensure that the CA that you sign from allows another subordinate CA: verify the Path Length Constraint of the signing CA first, otherwise Admin cert verification will fail.
ii. Set path length constraint to 0 for new Admin CA cert.
b. Restart sdir.
c. Re-sign, using self (Admin CA) and keep existing extensions.
d. Restart sdir
3. Trust System CA so the enrollment website is trusted
4. Add the enrollment website to the Trusted Sites in IE
a. Allow unsigned ActiveX and scripts to run for Trusted Sites: set to Prompt
5. Update Admin enrollment xuda file with new version (RCM 6.8 build 516 or higher)
6. Uncomment the appropriate lines in the new enrollment xuda page
7. Enroll for the Admin cert using the SID 800. You will receive many prompts related to running scripts and ActiveX controls due to the Trusted Sites settings.
a. Select 1024
b. Select Smart Card provider
c. Select protect private key = yes
d. Enter SID 800 PIN
e. Wait for about a minute
8. Approve Cert
9. Visit cert download link
10. Click Install Root CA cert (unless you have already trusted the Admin CA). You need to manually select trusted root CAs as the storage container.
11.
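The check in step 2.a.i, as an added example that is not part of the original procedure: it models the basic constraints of each cert in a chain and reports why Admin cert verification would fail. The chain names are constructed placeholders, and the model assumes the validator also enforces the top CA's own path length constraint.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # pathLenConstraint; None = no limit

def check_chain(chain: List[Cert]) -> List[str]:
    """chain runs from the top CA to the end-entity cert; returns problems found."""
    problems = []
    for i, ca in enumerate(chain[:-1]):
        child = chain[i + 1]
        if child.issuer != ca.subject:
            problems.append(f"{child.subject}: issuer does not match {ca.subject}")
        if not ca.is_ca:
            problems.append(f"{ca.subject}: signs certs but lacks basicConstraints CA:TRUE")
            continue
        if ca.path_len is None:
            continue
        # CA certs between this CA and the end entity; self-issued ones are not counted.
        below = [c for c in chain[i + 1:-1] if c.subject != c.issuer]
        if len(below) > ca.path_len:
            problems.append(
                f"{ca.subject}: pathLenConstraint={ca.path_len} but "
                f"{len(below)} subordinate CA(s) follow it")
    return problems

def sample_chain(signer_path_len, admin_is_ca=True):
    """Constructed chain: signing CA -> Admin CA (path length 0) -> admin cert."""
    return [
        Cert("Signing CA", "Signing CA", is_ca=True, path_len=signer_path_len),
        Cert("Admin CA", "Signing CA", is_ca=admin_is_ca,
             path_len=0 if admin_is_ca else None),
        Cert("admin-sid800", "Admin CA"),
    ]

if __name__ == "__main__":
    cases = [("signing CA path length 0", sample_chain(0)),
             ("signing CA path length 1", sample_chain(1)),
             ("Admin CA without basic constraints", sample_chain(1, admin_is_ca=False))]
    for label, chain in cases:
        print(label, "->", check_chain(chain) or "OK")
```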