Prepare a smart card certificate enrollment station

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To prepare a smart card certificate enrollment station

  1. On the computer that you will use to set up smart cards, install a smart card reader, following the manufacturer's instructions.

  2. Log on as the user or administrator who will be installing certificates on smart cards.

  3. On the taskbar, click the Start button, click Run, type mmc, and then click OK.

  4. On the File menu, click Add/Remove Snap-in, and then click Add.

  5. In Snap-in, double-click Certificates. If you are logged on as a user, the Certificates snap-in automatically loads.

    • If you are logged on as an Administrator, click My user account, and then click Finish.
  6. Click Close and then click OK.

  7. Double-click Certificates - Current User.

  8. In the console tree, click Personal.

    Where?

    • Certificates - Current User/Personal
  9. On the Action menu, point to All Tasks, and then click Request New Certificate.

  10. In the Certificate Request Wizard, click the Enrollment Agent certificate template and type a friendly name and a description for the certificate.

  11. When prompted by the Certificate Request Wizard, click Install Certificate.

Notes

  • The Web enrollment station can also be used instead of the method described in this procedure. For more information, see Related Topics.

  • Before requesting smart card logon certificates for users, a smart card administrator must have an Enrollment Agent certificate available to generate smart card certificate requests on the behalf of others. That is the purpose of this procedure.

  • To perform this procedure, you must have the appropriate security permissions to administer the Enrollment Agent certificate template. See Related Topics for more information about Enrollment Agent certificates and enrolling for a smart card certificate.

  • The Enrollment Agent certificate can be installed on a smart card, if you want. In that case, you must use the smart card manufacturer's cryptographic service provider (CSP) when requesting the certificate. (Click the Advanced Options button in the Certificate Request Wizard to select a smart card CSP for the Enrollment Agent certificate.)

  • These tasks can be performed on any computer running Windows XP or a member of the Windows Server 2003 family that you want to use as a smart card certificate enrollment station.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Enrolling for a smart card certificate
Prepare a certification authority to issue smart card certificates
Set up a smart card for user logon
Log on to a computer with a smart card
Manage certificates for your user account
Working with MMC console files