Here are the steps:
Log onto the 2008 server as administrator.
Enroll for an "Enrollment Agent" cert
User launches IE browser and accesses MS CA.
> Request a Certificate > Advanced Certificate Request > Create and Submit a Request to this CA
For Certificate Template select "Enrollment Agent".
For CSP select Microsoft Enhanced Cryptographic Provider.
Select "Install this certificate". This will store the cert in your Personal browser store.
Verify by going to Internet Options/Content/Certificates/Personal
Highlight certificate. It should say "Certificate Request Agent".
Next, log onto the 2008 server as administrator and enroll for a cert for another user.
Launch mmc
"Add/Remove Snap-ins" dialog appears.
Insert SID800 into a USB port on the 2008 server. (It doesn't need the smart card until it tries to write the private key, so you don't need to insert it here.)
Select File/Add/Remove Snap-in,
Select "Certificates", click on Add button to add it to the right side.
Certificate Snap-in dialog appears. Accept default setting of "My User Account" and click on Finish button.
Click on OK on "Add/Remove Snap-ins" dialog.
Console1 dialog appears.
Expand Certificates - Current User, highlight Personal.
Select Action > All Tasks > Advanced Operations > "Enroll on behalf of"
Certificate Enrollment dialog appears. Click on Next button.
Select Certificate Enrollment Policy dialog appears.
Highlight "Active Directory Enrollment Policy" and click on Next button.
Select Enrollment Agent Certificate dialog appears. Click browse.
Select a certificate dialog appears.
Highlight the Enrollment Agent Certificate you just created and click OK, then click Next button.
Active Directory Enrollment Policy displays.
Select "Smart Card User" and click on "Details"
Request Certificate Details dialog appears
Under Private Key tab, click on "Cryptographic Service Provider" icon
Select "Microsoft Smart Card Cryptographic Service Provider" and click OK.
Click on Next button
Select a User dialog appears.
Select the user that you are requesting the certificate for, by clicking on browser button.
Select User dialog appears.
Enter the name of the user as it appears in Active Directory and click on OK.
Select a User dialog re-appears with the user name filled in.
Click on Enroll.
Receive message to please insert smart card or, if already inserted, please re-insert it.
Remove and re-insert SID800.
Enter PIN dialog appears
Enter the PIN and click OK.
Click on Close on Certificate Snap-in dialog
Close Console1, no Save necessary.
Verify by performing a cert logon as the other user.
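
The check of the enrollment agent certificate in the Personal store (the "Certificate Request Agent" step above) can also be done from PowerShell. This is an added example, not part of the original steps; the function names are hypothetical, and it assumes the certificate was installed into the current user's Personal store as described.

```powershell
# Added example: find certificates in the current user's Personal store that
# carry the Certificate Request Agent EKU, which is what the
# "Enrollment Agent" template issues.
$AgentOid = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent

# Hypothetical helper: return the EKU OIDs present on one certificate.
function Get-EkuOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
        }
    }
}

# Hypothetical helper: list enrollment agent certs with the fields worth checking.
function Get-EnrollmentAgentCert {
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    Get-ChildItem -Path $StorePath |
        Where-Object { (Get-EkuOids $_) -contains $AgentOid } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey   # must be True to sign requests
                Expired       = ($_.NotAfter -lt (Get-Date))
            }
        }
}

$agents = @(Get-EnrollmentAgentCert)
if ($agents.Count -eq 0) {
    Write-Warning 'No certificate with the Certificate Request Agent EKU was found.'
} else {
    $agents | Format-List Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey, Expired
}
```

A certificate listed with HasPrivateKey False or Expired True will not work for the "Enroll on behalf of" step.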