Enable smart card or other certificate authentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To enable smart card or other certificate authentication

  1. Open Network Connections.

  2. Right-click the dial-up, VPN, or incoming connection on which you want to use smart card or other certificate authentication, and then click Properties.

  3. If you are using typical settings for your smart card, on the Security tab, click Typical (recommended settings), and in the Validate my identity as follows list, click Use smart card, and then click OK.

  4. If you are individually enabling, configuring, and disabling authentication methods and encryption requirements, on the Security tab, click Advanced (custom settings), and click Settings. In Logon security, click Use Extensible Authentication Protocol (EAP), click Smart card or other certificate (encryption enabled), click Properties, and then do the following:

    • If you want to use the certificate that resides on your smart card, click Use my smart card.

    • If you want to use the certificate that resides in the certificate store on your computer, click Use a certificate on this computer.

    • If you want to verify that the server certificate presented to your computer has not expired, has the correct signature, and has a trusted root certification authority, select the Validate server certificate check box.

    • If you only want to connect to servers within a particular domain, select the Connect only if server name ends with check box, and then type the name of the domain.

    • To require that your server certificate chains to a particular root certification authority, in Trusted root certification authority, click the appropriate certification authority.

    • To use a different user name when the user name in the smart card or certificate is not the same as the user name in the domain that you are logging on to, select the Use a different user name for the connection check box.
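The server-side checks that step 4 enables (Validate server certificate, Connect only if server name ends with, and Trusted root certification authority) can be tried against an exported server certificate before the setting is rolled out. The following PowerShell is an added example, not part of the original procedure or of Windows; the function name Test-EapServerCertificate, its parameters, the label-aligned suffix rule, and the skipped revocation check are assumptions of the example.

```powershell
# Added example: Test-EapServerCertificate is a hypothetical helper, not a Windows cmdlet.
function Test-EapServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,  # exported server certificate (.cer)
        [string]$NameSuffix,      # value typed in "Connect only if server name ends with"
        [string]$RootThumbprint   # thumbprint of the CA chosen as trusted root
    )
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $failures = @()

    # "Validate server certificate": building the chain checks the validity
    # period, the signatures, and that the chain ends in a locally trusted root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation is skipped because the page does not list it.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($cert)) {
        foreach ($status in $chain.ChainStatus) { $failures += "chain: $($status.Status)" }
    }

    # Name check. Assumption: the name must equal the suffix or end with
    # "." + suffix, so only whole DNS labels count as a match.
    if ($NameSuffix) {
        $type = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
        $name = $cert.GetNameInfo($type, $false).ToLowerInvariant()
        $suffix = $NameSuffix.Trim('.').ToLowerInvariant()
        $aligned = $name.EndsWith(".$suffix", [System.StringComparison]::Ordinal)
        if ($name -ne $suffix -and -not $aligned) {
            $failures += "name: '$name' does not end with '$suffix'"
        }
    }

    # Root check: the last element of the built chain must be the selected CA.
    if ($RootThumbprint) {
        $count = $chain.ChainElements.Count
        $root = if ($count -gt 0) { $chain.ChainElements[$count - 1].Certificate.Thumbprint }
        $wanted = ($RootThumbprint -replace '\s', '').ToUpperInvariant()
        if ($root -ne $wanted) { $failures += "root: chain ends at '$root', expected '$wanted'" }
    }

    New-Object psobject -Property @{ Passed = ($failures.Count -eq 0); Failures = $failures }
}
```

Call it with the path to a certificate exported from the server and the same values you plan to enter in the dialog box; an empty Failures list means the certificate satisfies all three checks as modeled here.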

Notes

  • To open Network Connections, click Start, click Control Panel, and then double-click Network Connections.

  • If, for example, you want to connect only to servers that reside in Microsoft.com, type Microsoft.com in Connect only if server name ends with.

  • If, for example, you are working for a consulting company where you need to log on to the domain of the company to which you are assigned, but your smart card contains a user name specific to your home company, select the Use a different user name for the connection check box.

  • If you select the Use a different user name for the connection check box, your certificate is exported without private keys and submitted to your system administrator to be explicitly mapped to your domain user account. For more information, see Related Topics.

  • If you select the Connect only if server name ends with check box, and do not type a domain name, at the time you connect you are prompted to use the domain name in the server certificate.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Smart card and other certificate authentication
Mobile users and certificates
Map a certificate to a user account