Checklist: Strengthen Identity Management by Issuing Certificates for Smart Cards

Applies To: Windows Server 2008 R2

Smart cards and other physical authentication tokens improve upon basic password-based authentication by requiring users to supplement something they know—a password or personal identification number (PIN)—with something they have—the smart card or token. An obstacle to smart card deployments has been the cost and difficulty in managing smart card certificates. However, issuing and managing certificates with a Windows-based certification authority (CA) can be an efficient and cost-effective solution for deploying smart cards.

Task Reference

Set up additional subordinate CAs. (Optional)

Install a Subordinate Certification Authority

Install and configure certificate templates.

Managing Certificate Templates (https://go.microsoft.com/fwlink/?LinkId=142230)

Configure and implement a smart card enrollment station.

Set Up and Use a Smart Card Enrollment Station

Configure smart card clients.

Configure Smart Card Clients (https://go.microsoft.com/fwlink/?LinkID=94261)

Issue smart cards to users.

Issue Smart Cards (https://go.microsoft.com/fwlink/?LinkID=94262)