Prepare a certification authority to issue smart card certificates
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To prepare a certification authority to issue smart card certificates
Confirm that the proper security permissions are set on the Smart Card Logon, Smart Card User, and Enrollment Agent certificate templates.
Log on with administrator rights to the certification authority (CA) you will use to issue smart card certificates.
Open Certification Authority.
In the console tree, click Certificate Template.
- Certification Authority (Computer)/CA_Name/Certificate Templates
Do one of the following:
If the CA will issue certificates that are only for logging on to Windows with smart cards, click the Smart Card Logon certificate template, and then click OK.
If the CA will issue certificates that can be used to log on to Windows with smart cards and other uses, click the Smart Card User certificate template, and then click OK.
On the Action menu, point to New, and then click Certificate to Issue.
Click the Enrollment Agent certificate template, and then click OK.
To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.
The security permission setting of a certificate template indicates who is allowed to request a certificate of that type.
The Enrollment Agent certificate does not have to be issued from the same certification authority (CA) that will issue certificates for smart cards, as takes place in this procedure, but the issuing CA for the Enrollment Agent certificate must be a trusted enterprise CA in the domain. In that case, make sure that there is an enterprise CA in your domain that is capable of issuing Enrollment Agent certificates. To do this, follow the above steps for the CA that will issue certificates that will be used for logging on to Windows with a smart card and other uses. Then follow the above steps to issue an enrollment agent certificate.
This procedure only applies to enterprise CAs.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
Enrolling for a smart card certificate
Install a smart card reader on a computer
Set up a smart card for user logon
Prepare a smart card certificate enrollment station
Log on to a computer with a smart card
Working with MMC console files