Buypass SmartCard Enrollment Agent

General:

• Validity = 3 years
• Renewal Period= 6 weeks
• Published in Active Directory

Request Handling:

• Purpose = Signature means that the operator who is requesting the certificate is signing the request with the Enrollment Agent certificate
• Key Size = 1024
• Enroll Subject without requiring any user   input, which means you do not need to supplement the certificate with additional information, as the information is obtained from the user account logged in.

Subject Name:

• Name is obtained from Active Directory based on the Fully Distinguished name and the user's UPN

Issuance Requirements:

• This number of authorized signatures = 1
• Policy= Application Policy and Certificate Request Agent
• Reenrollment= Same criteria as for enrollment

Suspended templates:

• No settings = Default

Extensions:

• Application Policies= Certificate Request Agent

Extensions:

• Certificate Template information
• Issuance Policies=Default

(Certificate policies are also known as issuance policies)

Extensions:

• Key Usage
• Digitale Signature
• Critical Extension

Security:
  These settings determine the privileges for the Certificate for read, modify and enroll   of certificate.

  Only the DL_CA_ADM and the DL_LRA_ADM groups should this certificate via auto Enrollment.

•   Authenticated Users = Read
•   DL_CA_Admins= Read, Write, Enroll 
•   DL_CA_LRA_Admins = Read, Enroll  
•   Domain Admins = Read, Write  
•   Enterprise Admins = Read, Write