, select the name of the CA for your
domain. If there are multiple CA’s in your domain, click on the one
that you wish to issue the smart card certificate.
Cryptographic Service Provider
, select the cryptographic
service provider (CSP) of the smart card’s manufacturer. This is
specific to the smart card hardware; consult the manufacturer’s
documentation if you are uncertain.
Administrator Signing Certificate
, select the Enrollment Agent
certificate that will sign the certificate enrollment request. Click
7. On the
User to Enroll
to browse to the
user account for which you are creating the smart card certificate.
to create a certificate for this user.
You’ll be prompted to insert the user’s smart card into the reader on
your system. When you click
to proceed, you’ll be prompted to
set an initial PIN number for the card.
If another user has previously used the smart card that you’re
preparing, a message will appear indicating that another certificate
already exists on the card. Click
to replace the existing
certificate with the one you just created.
10. On the final screen, you’ll have the option to either view the
certificate you just created, or to begin a new certificate request.
Close your browser
when you’ve finished creating certificate
requests so that no extraneous certificates can be created if you walk
away from the enrollment station.
Assigning Smart Cards
Once you’ve pre-configured your users’ smart cards, you’ll need to establish
guidelines defining how cards are assigned to those who require them. This part
of your smart card deployment plan is more procedural than technical, as you
need to determine acceptable policies and service level agreements for your
smart cards and smart card readers. For example, what type of identification will
you require in order for a user to obtain their smart card? Even if this is a small
enough organization that you recognize all of your users on sight, you should still
record information from a driver’s license or another piece of photo identification
for auditing purposes.