3 enrolling a smart card user, Enrolling a smart card user, Chapter – HID Crescendo Integration User Manual

December 1, 2008

© 2008 HID Global Corporation. All rights reserved.

Page 25 of 54

47A3-905, A.1

Crescendo Integration Guide

Microsoft Windows Server 2003

Enrolling a smart card user

3

After creating the RA station, as described in section

2.4

, you are ready to enroll smart card certificates for domain

users other than yourself.
notes:

Enrollment for a smart card certificate must be a controlled procedure, in the same manner that employee

badges are controlled for purposes of identification and physical access.
The recommended method for enrolling users for smart card-based certificates and keys is through the

Smart Card Enrollment station that is integrated with Certificate Services in Windows 2003.
Therefore, this chapter describes the process of how to enroll for a smart card user or smart card logon

certificate through the Smart Card Enrollment Station. This process is likely completed by your system

administrator. As a user, request your own certificate through the Microsoft Certificate Services interface on

your local workstation. In this case, a domain user cannot enroll for a Smart Card Logon certificate (which

provides authentication) or a Smart Card User certificate (which provides authentication plus the capability

to secure e-mail) unless a system administrator has granted the user access rights to the certificate template

stored in Active Directory.

From the enrollment station connect to the ‘Smart card Certificate Enrollment Station’ web page of the CA.

This smart card enrollment web page can be found at http://<machine-name>/certsrv/ where the

1.

<machine-name> enter the machine name where you have installed the CA:

Figure 22: Microsoft Certificate Services: Welcome

Select



Request a certificate