Buypass SmartCard Enrollment Agent

General:

• Validity = 3 years
• Renewal Period = 6 weeks
• Published in Active Directory

Request Handling:

• Purpose = Signature means that the operator who is requesting the certificate
  is signing the with the Enrollment Agent certificate
• Key Size = 1024
• Enroll Subject without requiring any user input, which means you do not
  need to supplement the certificate with additional information, as the
  information is obtained from the user account logged in

Subject Name:

• Name is obtained from Active Directory based on the Fully distinguished
  name and the user's UPN

Issuance Requirements:

• This number of authorized signatures = 1
• Policy = Application Policy and Certificate Request Agent
• Reenrollment = Same criteria as for enrollment

Suspended templates:

• No settings = Default

Extensions:

• Application Policies = Certificate Request Agent

Extensions:

• Certificate Template information
• Issuance Policies = Default

(Certificate policies are also known as issuance policies)

Extensions:

• Key Usage
• Digitale Signature
• Critical Extension

Security:
These settings determine the privileges for the Certificate for read, modify
and enroll of certificate

Only the DL_CA_ADM and the DL_LRA_ADM groups should this certificate
via auto Enrollment

•   Authenticated Users = Read
•   DL_CA_Admins = Read, Write, Enroll 
•   DL_CA_LRA_Admins = Read, Enroll  
•   Domain Admins = Read, Write  
•   Enterprise Admins = Read, Write