SmartCard Enrollment Station w. 2008 and Vista
Hi,since the Web Enrollment Component XEnroll has been replaced by CertEnroll, it's no more possible to enroll for SmartCards on behalf of another user via Web Enrollment. When I was searching, I just found the hint that this functionality is now implemented in the Vista Certificate Client (part of the certificate enrollment API?). Is there a tool shipped with Vista so that I can use a Vista machine as an Enrollment Station?GreetsMartin
March 18th, 2008 4:04pm

I went on trying and I found the place where you can request certificates on behalf of another user: you have to open the certificate-MMC-SnapIn, then click on your personal certificate store and choose action->all tasks->advanced operations->enroll on behalf of and everything works fine
Free Windows Admin Tool Kit Click here and download it now
March 18th, 2008 6:37pm

OK for getting the user certificate. What about the smart card transfert?
March 20th, 2008 2:20pm

You don't have to Transfer the Certificate to the SmartCard when you choose your SmartCard CSP as CSP. When you use your SmartCard CSP the private key is generated on the smartcard and when the enrollment process is done the certificate is copied to the token/smart card automatically. You can choose the CSP by clicking on the details button when you choose the template you want to use.
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2008 6:48pm

OK. Wich CSP did you choose when you made certificate server install? Regards.
March 20th, 2008 7:51pm

you don't have to choose the csp at ca installation time, you can either decide which csp are available for the certificate when you define the certificate template or you can choose in the certificate request. I'm using Aladdin eToken (that's not a smart card but a usb token) and therefore use the eToken CSP.
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2008 11:16pm

hi i am not getting it. i have enrolled certificates on behalf of three users. these are visible in the personal>>certificates but no message came up asking insert smart card into the reader, though my reader is working fine. how to write these (smartcard logon) certificates into the smart cards. regards
March 26th, 2010 1:54pm

If the certificate is being issued but is not being written to the card then you have not selected the correct CSP on your certificate template. Edit the certificate template to select the smart card CSP that you're using and you'll be fine. Note that when editing the certificate template, the CSP you want to use has to be installed on the computer from which you are performing the edit.Paul Adare CTO IdentIT Inc. ILM MVP
Free Windows Admin Tool Kit Click here and download it now
March 26th, 2010 2:02pm

Hi all! I got a question. I have to request a certificate behalf on user. I can successfully get it. But the task is to get certificate after administrator's approove. And when i change policy, the request is pending. Administrator approoves it. Then, How can i install the certificate on the e-token, where my private key is? PS: when i do the same for me - i export the certificate from CA and import it on my personal. It successfully installs on my e-token.
April 29th, 2010 5:21pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics