Step 8: Verify Delegated Smart Card Registration

Verifying Forefront Identity Manager 2010 Certificate Management for Smart Card self-service consists of the following:

  • Log on to CLIENT1 and initiate the smart card

  • Log on to CLIENT2 and complete the enrollment

Log on to CLIENT1 and initiate the smart card

Log on as a regular user and issue that user a smart card.

To log on to CLIENT1 and initiate the smart card

  1. Log on to CLIENT1 as corp\User1.

  2. Click Start, click All Programs, and then click Internet Explorer.

  3. In Internet Explorer, in the address bar at the top, enter https://fimcm1/certificatemanagement and press ENTER. This should bring up the Forefront Identity Manager 2010 page. Click "click to enter". This will bring you to the main FIM CM page. This may take a moment.

  4. Under Common Tasks click Enroll a user for a new set of certificates or smart card. This will bring up a Search for Users screen.

  5. On the Search for Users screen, click Search. This will return all of the users in our domain.

  6. From the users, click Lola Jacobson. This will bring up the Manager-Initiated Enroll screen.

  7. On the Manager-Initiated Enroll screen click OK.

  8. This will begin the process and an e-mail will be sent to Lola. On the Request Status screen click OK.

  9. Close Internet Explorer.

Log on to CLIENT2 and complete the enrollment

Log on as a regular user and issue that user a smart card.

To log on to CLIENT2 and complete the enrollment

  1. Log on to CLIENT2 as corp\ljacobson.

  2. Insert a new smart card into the smart card reader.

  3. Click Start, select All Programs, click Microsoft Office, and then select Microsoft Office Outlook 2010. This will launch the Microsoft Outlook 2010 Startup Wizard. Click Next.

  4. On E-mail Accounts, ensure Yes is selected, and then click Next.

  5. On Auto Account Setup, wait for the information to automatically populate. It should have LolaJacobson@corp.contoso.com for an e-mail address. Click Next.

  6. On Configuring, wait until you receive three green checks, and then click Finish.

  7. Outlook will now start up. On the User Name box, click OK.

  8. This will bring up the Activation Wizard. Click Cancel.

    Warning

    If you are planning on using this lab for more than 30 days you will have to activate Outlook either via the Internet or by telephone.

  9. This will bring up the Welcome to Microsoft Office 2010 screen. Select Use Recommended Settings and click OK. This will bring up a UAC window. Enter the Administrator username and password. Click Yes.

  10. In Outlook, there should be an e-mail in Lola Jacobson’s inbox from User1. This is the e-mail that was sent in the previous step. Double-click it.

  11. In the e-mail, highlight the secret password, right-click, and select Copy. Next, click the https://fimcm1/certificatemanagement link.

  12. This should bring up the Forefront Identity Manager 2010 page. Click "click to enter". This will bring you to the main FIM CM page. This may take a moment.

  13. Under Common Tasks click Complete a request with one-time passwords. This will bring up the Validate One-Time Passwords screen.

  14. In the box next to One-time password 1 paste the copied secret password and click Next. This will bring up the Request Enrollment screen.

  15. On the Request Enrollment screen, click Next.

  16. This will begin the process. You will see a small pop-up box that says Initializing, Creating and generating keys, writing certificates.

  17. At this point, you will be prompted for a PIN. Enter 1234 for the New PIN and 1234 for Confirm PIN. Click OK.

  18. At this point, the smart card should complete and you will be on the Request Complete screen.

  19. Close Internet Explorer.

  20. Log off of CLIENT2.

  21. On CLIENT2, press CTRL+ALT+DELETE, click Switch User, and select Lola Jacobson Smartcard Logon.

  22. Enter the PIN (1234) and press ENTER. You should now be logged on to CLIENT2 as Lola.
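
One way to confirm the outcome of step 22 from a PowerShell prompt in Lola's session on CLIENT2, as an added example that is not part of the original lab guide. It assumes Windows has copied the card's certificate into the user's Personal store (default certificate propagation) and that the issued certificate carries the Smart Card Logon EKU; the function name Test-SmartCardLogonCert is hypothetical.

```powershell
# Added example (not from the lab guide). Written to run on PowerShell 2.0.
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$SanOid            = '2.5.29.17'                # Subject Alternative Name

function Test-SmartCardLogonCert {              # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs present on the certificate.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    } | Select-Object -First 1
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # The SAN normally carries the UPN that the domain controller maps to the account.
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid } |
        Select-Object -First 1
    $san = if ($sanExt) { $sanExt.Format($false) } else { '(no SAN extension)' }

    # Build the chain so an untrusted issuer or revocation problem is visible.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject        = $Cert.Subject
        Issuer         = $Cert.Issuer
        Thumbprint     = $Cert.Thumbprint
        HasLogonEku    = ($ekus -contains $SmartCardLogonOid)
        WithinValidity = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        HasPrivateKey  = $Cert.HasPrivateKey
        ChainTrusted   = $chainOk
        ChainStatus    = $status
        San            = $san
    }
}

$results = @(Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Test-SmartCardLogonCert $_ })
$logon   = @($results | Where-Object { $_.HasLogonEku })
if ($logon.Count -eq 0) {
    Write-Warning 'No certificate with the Smart Card Logon EKU found in Cert:\CurrentUser\My.'
} else {
    $logon | Format-List Subject, Issuer, Thumbprint, WithinValidity, HasPrivateKey, ChainTrusted, ChainStatus, San
}
```

A healthy result shows one entry issued by the lab CA with WithinValidity, HasPrivateKey and ChainTrusted all True.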