This topic for IT professionals provides links to resources about the implementation of smart card technologies in the Windows operating system.
It includes the following resources about the architecture, certificate management, and services that are related to smart card use: Smart Card Architecture: Learn about enabling communications with smart cards and smart card readers, which can be different according to the vendor that supplies them. Click on [Yes] to continue. Click on [Install this certificate] on the "Certificate Issued" page to install the certificate within the token.
Click on [Yes] when the warning message [Do you want to allow the actions performed by this website] appears. In the same directory, right-click [Interactive logon: Smart card removal behavior] and select [properties]. Under the [Local Security Setting] tab, select the action to perform when the UniToken device is removed from the computer, then click on [OK] to apply.
Active Directory must trust a certification authority to authenticate users based on certificates from that CA. Both smart card workstations and domain controllers must be configured with valid certificates. Both the domain controllers and the smart card workstations trust this root. Export or download the third-party root certificate. How to obtain the third-party root certificate varies by vendor. The certificate must be in Base64 Encoded X. To configure Group Policy in the Windows domain to distribute the third-party CA to the trusted root store of all domain computers:
If the CA that issued the smart card logon certificate or the domain controller certificates is not properly posted in the NTAuth store, the smart card logon process does not work. The logon attempt fails with the message "Unable to verify the credentials".
The NTAuth store is located in the Configuration container for the forest. By default, this store is created when you install a Microsoft Enterprise CA. The object can also be created manually by using ADSIedit. After you put the third-party CA in the NTAuth store, domain-based Group Policy places a registry key (a thumbprint of the certificate) in the following location on all computers in the domain:
Request and install a domain controller certificate on the domain controller(s). Each domain controller that is going to authenticate smart card users must have a domain controller certificate. If you install a Microsoft Enterprise CA in an Active Directory forest, all domain controllers automatically enroll for a domain controller certificate.
Using a non-Microsoft CA to issue a certificate to a domain controller may cause unexpected behavior or unsupported results. An improperly formatted certificate or a certificate with the subject name absent may cause these or other capabilities to stop responding.