0 managing a smart card with the mini driver, 1 prerequisites, Managing a smart card with the mini driver – HID Crescendo C1150 Administration Guide User Manual
Page 20: Prerequisites
HID Global Crescendo C1150 – Administration Guide
Page 20 of 115
November 2013
© 2013 HID Global Corporation. All rights reserved.
4.0 Managing a Smart Card with the Mini Driver
This section explains how to issue a smart card for other users as well as for you.
N
OTE
Enrollment for a smart card certificate must be a controlled procedure, in the
same manner that employee badges are controlled for purposes of
identification and physical access.
The recommended method for enrolling users for smart card-based
certificates and keys is through the Smart Card Enrollment station that is
integrated with Certificate Services in Microsoft Windows Server 2008.
describes the process of how to enroll for a smart card
user or smart card logon certificate through the Smart Card Enrollment
Station. This process is likely completed by your system administrator.
As a user, request your own certificate through the Microsoft Certificate
Services interface on your local workstation. In this case, a domain user
cannot enroll for a Smart Card Logon certificate (which provides
authentication) or a Smart Card User certificate (which provides
authentication plus the capability to secure e-mail) unless a system
administrator has granted the user access rights to the certificate template
stored in Active Directory. This is described in section
4.1
Prerequisites
Microsoft Windows 2008 Server is installed and configured as a Primary Domain
Controller.
Active Directory is configured to manage users and computers.
DNS Server is configured with your domain name.
Internet Information Services (IIS) is installed (to be able to request a certificate through
the Smart Card Enrollment Station.
Microsoft Windows Certificate Services is installed and configured.
Microsoft CA is configured with an issuance Certificate Template for smart card logon
onto the domain. It must include the following certificates:
Enrollment Agent - a certificate intended for the entity that should be able to enroll
certificates for other entities than itself. For example, when an administrator wants
to deploy smart card logon certificates for the employees in an organization, he
would require an “Enrollment Agent” certificate.
Smartcard Logon - intended for smart card logon onto the domain.
Smartcard User - an all-round certificate, intended both for smart card logon and,
for example, signing and encrypting e-mail messages and web authentication.
Microsoft CA Registration Authority (RA) station is created with:
All the drivers required for your HID Crescendo C1150 card and smart card reader.