To prepare a certification authority to issue smart card certificates
- Confirm that the proper security permissions are set on the Smart Card Logon, Smart Card User, and Enrollment Agent certificate templates.
- Log on with administrator rights to the certification authority (CA) you will use to issue smart card certificates.
- Open Certification Authority.
- In the console tree, click Policy Settings.
  Where? Certification Authority (Computer)/CA_Name/Policy Settings
- On the Action menu, point to New, and then click Certificate to Issue.
- Do one of the following:
  - If the CA will issue certificates that are only for logging on to Windows with smart cards, click the Smart Card Logon certificate template, and then click OK.
  - If the CA will issue certificates that can be used to log on to Windows with smart cards and other uses, click the Smart Card User certificate template, and then click OK.
- On the Action menu, point to New, and then click Certificate to Issue.
- Click the Enrollment Agent certificate template, and then click OK.
Notes
- The security permission setting of a certificate template indicates who is allowed to request a certificate of that type.
- The Enrollment Agent certificate does not have to be issued from the same CA that will issue certificates for smart cards, as takes place in this procedure, but the issuing CA for the Enrollment Agent certificate must be a trusted enterprise CA in the domain. In that case, make sure that there is an enterprise CA in your domain that is capable of issuing Enrollment Agent certificates. To do this, follow the above steps for the CA that will issue certificates that will be used for logging on to Windows with a smart card and other uses. Then follow the above steps to issue an Enrollment Agent certificate.
- This procedure only applies to enterprise CAs.
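
A scripted, read-only check of the first step (template permissions) and of the end state of this procedure, added here as an example and not part of the original documentation. It assumes PowerShell 3.0 or later run on the enterprise CA by a domain user who can read the Configuration partition, and that the three templates keep their default internal names SmartcardLogon, SmartcardUser and EnrollmentAgent.

```powershell
# Added example: read-only audit, changes nothing on the CA or in Active Directory.
# Assumption: default internal (CN) names of the three templates named in the procedure.
$templates = 'SmartcardLogon', 'SmartcardUser', 'EnrollmentAgent'

# Extended-right GUID for "Enroll" (Certificate-Enrollment).
# An empty GUID on an ExtendedRight ACE means "all extended rights".
$enrollRight = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$extended    = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$fullControl = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Templates the local CA is configured to issue ("Name: Display Name ..." per line).
$published = certutil -CATemplates |
    ForEach-Object { ($_ -split ':', 2)[0].Trim() }

# Certificate templates live in the forest-wide Configuration partition.
$configNC  = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$container = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

foreach ($name in $templates) {
    $entry = [ADSI]"LDAP://CN=$name,$container"
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])

    # Principals allowed to request this certificate type: Allow ACEs that
    # grant Enroll, all extended rights, or Full Control on the template.
    $enrollers = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (
            (($_.ActiveDirectoryRights -band $fullControl) -eq $fullControl) -or
            ((($_.ActiveDirectoryRights -band $extended) -eq $extended) -and
             ($_.ObjectType -eq $enrollRight -or $_.ObjectType -eq [Guid]::Empty))
        )
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    [PSCustomObject]@{
        Template   = $name
        IssuedByCA = $published -contains $name
        CanEnroll  = $enrollers -join '; '
    }
}
```

After the procedure, the smart card template you selected and EnrollmentAgent should show IssuedByCA as True; compare each CanEnroll list against the accounts you intend to allow to request that certificate type.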