Topic Last Modified: 2013-07-03

The following section describes how to configure an Enterprise Root Certification Authority (CA) to support smart card authentication. For information on how to install an Enterprise Root CA, see Install an Enterprise Root Certification Authority at http://go.microsoft.com/fwlink/p/?LinkID=313364.

Configuring an Enterprise Root Certificate Authority to Support Smart Card Authentication

The following steps describe how to configure an Enterprise Root CA to support Smart Card Authentication:

  1. Log in to the Enterprise CA computer using a Domain Admin account.

  2. Launch System Manager, and verify that the Certificate Authority Web Enrollment role is installed.

  3. From the Administrative Tools menu, open the Certification Authority management console.

  4. In the Navigation pane, expand Certification Authority.

  5. Right-click Certificate Templates, select New, then select Certificate Template to Issue.

  6. Select Enrollment Agent, Smartcard User, and Smartcard Logon.

  7. Click OK.

  8. Right-click Certificate Templates.

  9. Select Manage.

  10. Open the properties of the Smartcard User template.

  11. Click on the Security tab.

  12. Change the permissions as follows:

    • Add individual user AD accounts with Read/Enroll (Allow) permissions, or

    • Add a security group containing smart card users with Read/Enroll (Allow) permissions, or

    • Add the Domain Users group with Read/Enroll (Allow) permissions
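
The following PowerShell check is an added example, not part of the original topic: it confirms that the three templates from step 6 are published on the CA and lists which principals hold Enroll (Allow) on each one, so the result of step 12 can be reviewed. It assumes it is run on the CA computer with the ActiveDirectory module available, and that the templates keep their default common names (EnrollmentAgent, SmartcardUser, SmartcardLogon).

```powershell
# Added example: audit the outcome of the procedure above.
# Assumptions: run on the Enterprise CA computer, ActiveDirectory module (RSAT)
# installed, templates still use their default common names.
Import-Module ActiveDirectory

$templates = 'EnrollmentAgent', 'SmartcardUser', 'SmartcardLogon'

# Control access right "Certificate-Enrollment" (shown as Enroll on the Security tab)
$enrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$extRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Templates the local CA is configured to issue; each output line starts with "<name>:"
$published = certutil -CATemplates | ForEach-Object { ($_ -split ':')[0].Trim() }

# Certificate templates are stored in the configuration partition of the forest
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$report = foreach ($name in $templates) {
    $acl = Get-Acl -Path "AD:\CN=$name,$base"

    # Allow ACEs that grant Enroll explicitly, or all extended rights
    # (empty ObjectType, which also covers Full Control)
    $enrollers = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $extRight) -eq $extRight) -and
        ($_.ObjectType -eq $enrollGuid -or $_.ObjectType -eq [guid]::Empty)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    [pscustomobject]@{
        Template    = $name
        Published   = $published -contains $name
        CanEnroll   = $enrollers -join '; '
    }
}

# Review CanEnroll for each template. An Enrollment Agent certificate lets its
# holder request certificates on behalf of other users, so that list should
# contain only the accounts that issue smart cards.
$report | Format-Table -AutoSize -Wrap
```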