
This information is written in English only.


The certificate issued for SmartCard Logon.





General:

  • Validity = 3 years
  • Renewal Period = 6 weeks
  • Published in Active Directory

The issued certificate is visible under the user account properties in AD.

Compatibility:

Default setting



Request Handling:

  • Purpose = Signature and SmartCard Logon
  • Prompt the User during enrollment = Set



Cryptography:

  • Key Size = 1024
  • Requests can use any provider available on the subject’s computer

Key Attestation:

Default setting


Subject Name:

The subject name is obtained from Active Directory, based on the fully distinguished name and the user's UPN.

Issuance Requirements:

  • This number of authorized signatures = 1
  • Policy = Application Policy and Certificate Request Agent
  • Reenrollment = Same criteria as for enrollment


Suspended Templates:

 

No settings = Default


Extensions:

  • Application Policies = Smart Card Logon, Client Authentication

Extensions:

  • Basic Constraints = Default settings


Extensions:

  • Certificate Template Information = Default Setting


Extensions:

  • Issuance Policies = Default setting (certificate policies are also known as issuance policies)

Extensions:

  • Key usage: Digital signature – Critical extension

Security:

These settings determine who may read, modify and enroll for certificates based on this template.

Only the DL_CA_ADM, the DL_LRA_ADM and the DL_CA_LRA_Operators groups should get this certificate via Enroll.

  • Authenticated Users = Read
  • DL_CA_Admins = Read, Write, Enroll
  • DL_CA_LRA_Admins = Read, Write, Enroll
  • DL_CA_LRA_Operators = Read, Enroll
  • Domain Admins = Read, Write
  • Enterprise Admins = Read, Write


Server:

Default settings
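
The settings listed above can be compared against the template object stored in Active Directory. The following script is an added example, not part of the original page; it assumes the ActiveDirectory PowerShell module is available and takes the template's CN as a parameter, because the page does not name the template.

```powershell
# Added example: check a certificate template in AD against the values documented on this page.
# Assumption: $TemplateName is the CN of the SmartCard Logon template (not stated on the page).
param([Parameter(Mandatory)][string]$TemplateName)
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$tpl  = Get-ADObject -SearchBase $base -LDAPFilter "(cn=$TemplateName)" -Properties *
if (-not $tpl) { throw "Template '$TemplateName' not found under $base" }

# pKIExpirationPeriod and pKIOverlapPeriod hold a negative interval in 100 ns ticks.
function ConvertTo-Days([byte[]]$Raw) {
    [int][math]::Round([math]::Abs([double][BitConverter]::ToInt64($Raw, 0)) / 864000000000)
}

$ekus     = @($tpl.pKIExtendedKeyUsage)
$nameFlag = [int]$tpl.'msPKI-Certificate-Name-Flag'
$enrlFlag = [int]$tpl.'msPKI-Enrollment-Flag'

# Each entry: documented setting -> does the AD object match it?
# Assumption: the template console stores one year as 365 days (3 years = 1095 days).
$checks = [ordered]@{
    'Validity = 3 years'                 = (ConvertTo-Days $tpl.pKIExpirationPeriod) -eq 1095
    'Renewal period = 6 weeks'           = (ConvertTo-Days $tpl.pKIOverlapPeriod) -eq 42
    'Published in Active Directory'      = ($enrlFlag -band 0x8) -ne 0
    'Prompt the user during enrollment'  = ($enrlFlag -band 0x100) -ne 0
    'Key size = 1024'                    = $tpl.'msPKI-Minimal-Key-Size' -eq 1024
    'Subject built from AD (not request)' = ($nameFlag -band 0x1) -eq 0
    'UPN required in subject alt name'   = ($nameFlag -band 0x02000000) -ne 0
    'Authorized signatures = 1'          = $tpl.'msPKI-RA-Signature' -eq 1
    'Certificate Request Agent required' = [bool]($tpl.'msPKI-RA-Application-Policies' -like '*1.3.6.1.4.1.311.20.2.1*')
    'EKU: Client Authentication'         = $ekus -contains '1.3.6.1.5.5.7.3.2'
    'EKU: Smart Card Logon'              = $ekus -contains '1.3.6.1.4.1.311.20.2.2'
    'Key usage: Digital signature'       = ($tpl.pKIKeyUsage[0] -band 0x80) -ne 0
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Setting = $_.Key; MatchesPage = $_.Value }
}
```

A row with MatchesPage = False means the template in AD differs from what this page documents. The documented 1024-bit key size is below the 2048-bit RSA minimum in NIST SP 800-131A.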
