I am currently testing a smart card implementation and while I have most things working I have a problem with enrolling smart cards
I have setup my PKI environment and CA servers without difficulty and I am able to successfully enroll on behalf of to generate the smart card user certificates.
My problem is that per the documentation I have read (see link) the enroll on behalf of process is supposed to a) ask me to set a PIN and b) put the certificate on the smartcard. But it does neither of these. Instead I have to export the certificate and then go to http://www.netsolutions.gemalto.com/utilities.aspx
where I am able to copy the exportd certificate and set the PIN.
This is one of the documents I have followed
All servers are 2012 R2
All test clients are Windows 7
All patches have been applied to all systems