EXERCISE 5.08 SETTING UP A SMART CARD FOR USER LOGON

1. Log on to your workstation with a user account that has rights to the Enrollment Agent certificate template in the domain where the user's account is located.
2. Open Internet Explorer, and browse to , where servername is the name of the Certificate Authority on your network.
3. Click Request a certificate, then Advanced Certificate Request. You’ll need to choose one of the following options:
   • Smart Card Logon certificate, if you want to issue a certificate that will only be valid for authenticating to the Windows domain.
   • Smart Card User certificate, which will allow the user to secure email and personal information, as well as log on to the Windows 2003 domain.
4. Under Certificate Authority, select the name of the CA for your domain. If there are multiple CAs in your domain, click the one that you wish to issue the smart card certificate.
5. For Cryptographic Service Provider, select the cryptographic service provider (CSP) of the smart card’s manufacturer. This is specific to the smart card hardware; consult the manufacturer’s documentation if you are uncertain.
6. In Administrator Signing Certificate, select the Enrollment Agent certificate that will sign the certificate enrollment request. Click Next to continue.
7. On the User to Enroll screen, click Select User to browse to the user account for which you are creating the smart card certificate. Click Enroll to create a certificate for this user.
8. You’ll be prompted to insert the user’s smart card into the reader on your system. When you click OK to proceed, you’ll be prompted to set an initial PIN number for the card.
9. If another user has previously used the smart card that you’re preparing, a message will appear indicating that another certificate already exists on the card. Click Yes to replace the existing certificate with the one you just created.
10. On the final screen, you’ll have the option to either view the certificate you just created or begin a new certificate request.
11. Close your browser when you’ve finished creating certificate requests so that no extraneous certificates can be created if you walk away from the enrollment station.

Assigning Smart Cards

Once you’ve pre-configured your users’ smart cards, you’ll need to establish guidelines defining how cards are assigned to those who require them. This part of your smart card deployment plan is more procedural than technical, as you need to determine acceptable policies and service level agreements for your smart cards and smart card readers. For example, what type of identification will you require in order for a user to obtain their smart card? Even if this is a small enough organization that you recognize all of your users on sight, you should still record information from a driver’s license or another piece of photo identification for auditing purposes.
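To audit what the enrollment exercise above leaves in a certificate store, the following PowerShell (an added example, not part of the original exercise) classifies certificates by extended key usage into the Enrollment Agent, Smart Card Logon and Smart Card User roles that the steps refer to. The function names are hypothetical, and the mapping from role to EKU OIDs assumes the default Windows certificate templates.

```powershell
# Added example. EKU OIDs assumed to match the default Windows certificate templates.
$OidRequestAgent   = '1.3.6.1.4.1.311.20.2.1'  # Certificate Request Agent (Enrollment Agent)
$OidSmartCardLogon = '1.3.6.1.4.1.311.20.2.2'  # Smart Card Logon
$OidSecureEmail    = '1.3.6.1.5.5.7.3.4'       # Secure Email

function Get-CertRole {
    # Hypothetical helper: map a certificate's EKU OIDs to the roles in the exercise.
    param([string[]]$EkuOids = @())
    if ($EkuOids -contains $OidRequestAgent) { return 'Enrollment Agent' }
    if ($EkuOids -contains $OidSmartCardLogon) {
        # Smart Card User is Smart Card Logon plus Secure Email.
        if ($EkuOids -contains $OidSecureEmail) { return 'Smart Card User' }
        return 'Smart Card Logon'
    }
    return 'Other'
}

function Get-SmartCardCertReport {
    # Hypothetical helper: report role and expiry for every certificate in a store.
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $oids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is $ekuType) {
                $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Role       = Get-CertRole -EkuOids $oids
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Constructed EKU sets (not taken from a real CA) to exercise the classifier offline.
$samples = [ordered]@{
    'agent' = @($OidRequestAgent)
    'logon' = @('1.3.6.1.5.5.7.3.2', $OidSmartCardLogon)
    'user'  = @('1.3.6.1.5.5.7.3.2', $OidSmartCardLogon, $OidSecureEmail)
}
foreach ($name in $samples.Keys) { '{0}: {1}' -f $name, (Get-CertRole -EkuOids $samples[$name]) }

# On the enrollment station (Windows only): list Enrollment Agent certificates,
# which can sign certificate requests on behalf of other users.
Get-SmartCardCertReport | Where-Object Role -eq 'Enrollment Agent' | Format-Table -AutoSize
```

Run under the enrollment operator's account, the last line shows which Enrollment Agent certificates that account holds and when they expire, which gives the audit record a concrete list to review.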
