Dell Data Protection | Encryption Betriebsanweisung PDF herunterladen (Seite 7)

Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication 7

Smart Card Logon Certificates

Enrollment for a Smart Card Logon Certificate

Any entity wishing to obtain a smart card logon certificate for use with Active Directory can initiate the process by

following these steps:

Go to the

Enroll Certificate using Browser

page for an appropriate CA account/sub-account on the public side of the

CertAgent website.

Select the

CSP

associated with your smart card.

Select

Both

for the

Key Usage

value.

Deselect the checkbox labeled

Mark keys as exportable

Fill in the rest of the form and click

Submit

Once your certificate request has been accepted, make a note of the request ID generated by the system.

Issuing a Smart Card Logon Certificate

A CertAgent CA may follow these steps to issue the certificate:

Click the desired certificate request from the pending list to open the advanced dialog.

Select

Issue certificate with customized settings

from the

Action

drop-down list.

Customize the extensions for this certificate as follows:

• under CRL Distribution Point, enter a CRL distribution point URL.

• under Key Usage, check only the

digital signature

checkbox.

• under Extended Key Usage, check only the

client authentication

and

MS: Smart Card Logon

checkboxes.

• under Subject Alternative Name, add an

Other Name

field and complete its attributes as follows:

specify an

OID

1.3.6.1.4.1.311.20.2.3

set

UTF8 String

as the type of the attribute and enter the principal name as its value (for example,

[email protected]).

• Basic Constraints are optional, but if you include them be sure to deselect the

checkbox.

Review the changes and then click

Submit

to issue the certificate.

For more detailed instructions on enabling smart card logon, see

http://support.microsoft.com/kb/281245

Installing a Smart Card Logon Certificate

Once a smart card logon certificate has been issued, the entity who requested it may retrieve it and install it on their

computer as follows:

Go to the

Retrieve Certificate

page of the CertAgent public site.

1 2 3 4 5 6 7 8 9 10

Kommentare zu diesen Handbüchern

Keine Kommentare

Dell Data Protection | Encryption Betriebsanweisung Seite 7

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Nein Dell Data Protection | Encryption