SmartCard Enrollment Station w. 2008 and Vista
Hi, since the Web Enrollment component XEnroll has been replaced by CertEnroll, it's no longer possible to enroll for SmartCards on behalf of another user via Web Enrollment. When I was searching, I just found the hint that this functionality is now implemented in the Vista Certificate Client (part of the certificate enrollment API?). Is there a tool shipped with Vista so that I can use a Vista machine as an Enrollment Station? Greets, Martin
March 18th, 2008 4:04pm
I went on trying and I found the place where you can request certificates on behalf of another user: you have to open the certificate MMC snap-in, then click on your personal certificate store and choose action -> all tasks -> advanced operations -> enroll on behalf of, and everything works fine.
March 18th, 2008 6:37pm
OK for getting the user certificate. What about the smart card transfer?
March 20th, 2008 2:20pm
You don't have to transfer the certificate to the smart card when you choose your smart card CSP as the CSP. When you use your smart card CSP, the private key is generated on the smart card, and when the enrollment process is done the certificate is copied to the token/smart card automatically. You can choose the CSP by clicking on the details button when you choose the template you want to use.
March 20th, 2008 6:48pm
OK. Which CSP did you choose when you installed the certificate server? Regards.
March 20th, 2008 7:51pm
You don't have to choose the CSP at CA installation time; you can either decide which CSPs are available for the certificate when you define the certificate template, or you can choose in the certificate request. I'm using Aladdin eToken (that's not a smart card but a USB token) and therefore use the eToken CSP.
March 20th, 2008 11:16pm
Hi, I am not getting it. I have enrolled certificates on behalf of three users. These are visible in personal>>certificates, but no message came up asking me to insert a smart card into the reader, though my reader is working fine. How do I write these (smartcard logon) certificates onto the smart cards? Regards
March 26th, 2010 1:54pm
If the certificate is being issued but is not being written to the card then you have not selected the correct CSP on your certificate template. Edit the certificate template to select the smart card CSP that you're using and you'll be fine. Note that when editing the certificate template, the CSP you want to use has to be installed on the computer from which you are performing the edit. Paul Adare, CTO, IdentIT Inc., ILM MVP
March 26th, 2010 2:02pm
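A check for the situation in the two posts above (certificates issued and visible under Personal > Certificates, but nothing written to the card), added here as an example and not posted by any participant in the thread. It reports which CSP holds each private key in the current user's Personal store, assuming Windows PowerShell 5.1 and CryptoAPI (CSP) keys; the function name `Get-CertKeyProvider` is hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1.
# Reading key info for a card-based key may prompt for the card if it is not inserted.
$scLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU OID

function Get-CertKeyProvider {            # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Does the certificate carry the Smart Card Logon EKU?
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $isScLogon = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $scLogonOid })

    # Which provider holds the private key, and is it a hardware device?
    $provider = '(not readable through the CSP API, e.g. a CNG key)'
    $hardware = $null
    try {
        $info = $Cert.PrivateKey.CspKeyContainerInfo
        if ($info) {
            $provider = $info.ProviderName
            $hardware = $info.HardwareDevice
        }
    } catch { }

    $verdict = 'OK'
    if ($isScLogon -and $hardware -eq $false) {
        # The failure described above: key was generated in a software CSP
        $verdict = 'Key is in a software CSP, not on the card: check the CSP on the template'
    } elseif ($null -eq $hardware) {
        $verdict = 'Provider could not be determined'
    }

    [pscustomobject]@{
        Subject        = $Cert.Subject
        Thumbprint     = $Cert.Thumbprint
        SmartCardLogon = $isScLogon
        Provider       = $provider
        HardwareKey    = $hardware
        Verdict        = $verdict
    }
}

# Run on the enrollment station, as the enrollment agent, after enrolling on behalf of users
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Get-CertKeyProvider -Cert $_ } |
    Format-List
```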
Hi all! I've got a question. I have to request a certificate on behalf of a user. I can successfully get it. But the task is to get the certificate after the administrator's approval. And when I change the policy, the request is pending. The administrator approves it. Then, how can I install the certificate on the e-token, where my private key is? PS: when I do the same for me, I export the certificate from the CA and import it on my personal. It successfully installs on my e-token.
April 29th, 2010 5:21pm