We help IT Professionals succeed at work.

Smartcard Enrollment

Ascentium
Ascentium asked
on
1,620 Views
Last Modified: 2012-05-06
I need to use an enrollment station to enroll smartcards for some users.  After going through the steps below I do not have this option when I navigate to the certificate enrollment page.

"Request a certificate for a smart card on behalf of another user using the Smart Card Enrollment"

Here are the steps already taken.

To prepare a smart card certificate enrollment station
On the computer that you will use to set up smart cards, install a smart card reader, following the manufacturer's instructions.

Log on as the user or administrator who will be installing certificates on smart cards.

On the taskbar, click the Start button, click Run, type mmc, and then click OK.

On the File menu, click Add/Remove Snap-in, and then click Add.

In Snap-in, double-click Certificates. If you are logged on as a user, the Certificates snap-in automatically loads.

If you are logged on as an Administrator, click My user account, and then click Finish.

Click Close and then click OK.

Double-click Certificates - Current User.

In the console tree, click Personal.
Where?

Certificates - Current User/Personal

On the Action menu, point to All Tasks, and then click Request New Certificate.

In the Certificate Request Wizard, click the Enrollment Agent certificate template and type a friendly name and a description for the certificate.

When prompted by the Certificate Request Wizard, click Install Certificate.
Comment
Watch Question

ParanormasticCryptographic Engineer
CERTIFIED EXPERT

Commented:
Here's the guide:
http://support.microsoft.com/kb/257480

Do you have an enrollment agent cert yet for the admin account you're logged in as?

Author

Commented:
Yes...already have the enrollment agent cert installed.  I've already gone through all the steps in that guide.  Still no option to enroll on behalf of another user.
ParanormasticCryptographic Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I get a page cannot be found when try to navigate to that inserting my CA Hostname.
Cryptographic Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Opened a PSS ticket for this.  We had to uninstall a hotfix for active x controls (sorry for being vague) that essentially made it so the option to request a cert on behalf of another user did not show up.  Then I had to roll back my IE version to 6 because IE 7 will not allow the active x controls for the enrollment page to run.  You also have to turn off the popup blocker so you get the warning and can accept to run the active x controls.  I think it may have been easier if I just uprgraded my cert server to 2008 so I could use the MMC instead.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.