How to create a SmartCard Login with Active Directory Certificate Services

Julian Kiessling 0 Reputation points
2023-05-26T09:06:13.54+00:00

I have a Windows Server 2019 with Active Directory Domain Services and a Certificate Authority.

Now I want to create SmartCard Login for the users of the domain.

At first I opened the "certsrv" application and selected a new certificate template ("Enrollment Agent").

Then I duplicated the SmartCard Logon certificate template and changed the following:

Compatibility Settings: (Certification Authority = Windows Server 2016) / (Certificate recipient = Windows 10 / Windows Server 2016)

Cryptography:

Provider Category: Key Storage Provider

Algorithm name: RSA

Request must use one of the following providers:

Microsoft Software Key Storage Provider

Microsoft Smart Card Key Storage Provider

Issuance Requirements:

This number of authorized signatures = 1

Application policy = Certificate Request Agent

and imported the newly created template to "Certificate Templates" of "certsrv".

My next step was to open MMC.EXE and add the Certificates snap-in for the local computer and the current user.

At local computer:

Personal -> Request new certificate

Selected Domain Controller Authentication

At current user I created a certificate for my domain admin user:

Personal -> Request new certificate

Selected Enrollment Agent

Personal -> All Tasks -> Advanced Operations -> Enroll on behalf of

Selected my domain admin user certificate

Selected the new certificate template ("Project XY Smartcard Logon")

Selected the user who should have the SmartCard Login

At this point I would expect a message to insert the smartcard, but it simply does not occur.
