
Using smartcards to logon to Windows - Issue smart card certificate management [2/4]

Posted: Fri May 20, 2016 5:04 am
by JavaCardOS
To let smart card users log in to a Windows workstation, a smart card certificate must first be issued to them. A smart card certificate is a digital certificate stored on the user's smart card. The steps are as follows:

1> In the "Server Manager" window, select "Roles -> Active Directory Certificate Services -> server-WIN-BP8PSK12IOH-CA -> Certificate Templates" and right-click "Certificate Templates". In the popup menu, select "New -> Certificate Template to Issue".


The "Enable Certificate Templates" dialog box will then pop up. Select "Smartcard Logon", "Smartcard User", "Enrollment Agent (Computer)" and "Enrollment Agent", then click OK.
After adding the templates, return to the "Server Manager" window; the newly added templates will be listed there.


2> Open IIS Manager and select "Server Certificates" under the root directory:


Select the configured CA, click "Create Self-Signed Certificate" in the right sidebar, type the certificate name (e.g. JAVACARD_CA), and click "OK".


Select "Default Web Site" and then click "Bindings…" in the right sidebar. In the "Site Bindings" dialog box that pops up, click "Add…". In the "Add Site Binding" dialog box, select "https" under Type, set "SSL certificate" to the certificate name, and click OK. The https protocol is now configured.
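
The two steps above can also be scripted and checked from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes Windows Server 2012 or later (for the ADCSAdministration cmdlets), that the CA and IIS run on the same host, and that the site is reached by the host's own DNS name.

```powershell
# Added example (not from the original post). Run elevated on the CA / IIS host.
Import-Module ADCSAdministration, WebAdministration

# Step 1: publish the four templates. These are the internal names behind the
# display names "Smartcard Logon", "Smartcard User", "Enrollment Agent (Computer)"
# and "Enrollment Agent" shown in the "Enable Certificate Templates" dialog.
$templates = 'SmartcardLogon', 'SmartcardUser', 'MachineEnrollmentAgent', 'EnrollmentAgent'
$published = (Get-CATemplate).Name
foreach ($t in $templates) {
    if ($published -notcontains $t) { Add-CATemplate -Name $t -Force }
}

# Check: all four should now be listed by the CA.
# An Enrollment Agent certificate lets its holder request certificates on behalf
# of other users, so keep enrollment permission on those two templates limited
# to the staff who actually issue cards.
Get-CATemplate | Where-Object { $templates -contains $_.Name } | Select-Object Name, Oid

# Step 2: create the self-signed server certificate in the machine store.
# Assumption: clients connect using this host's DNS name.
$dnsName = [System.Net.Dns]::GetHostEntry('').HostName
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation 'Cert:\LocalMachine\My'
$cert.FriendlyName = 'JAVACARD_CA'   # the example name used in the post

# Add the https binding to "Default Web Site" if it is missing, then attach the
# certificate. AddSslCertificate fails if port 443 already has a certificate
# bound; remove the old SSL binding first in that case.
$site = 'Default Web Site'
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $site -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Check: the binding should show the thumbprint of the certificate just created.
Get-ChildItem IIS:\SslBindings | Format-List *
"Expected thumbprint: $($cert.Thumbprint)"
```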