A custom Version 2 template for smart card logon is unavailable for enrollment on the smart card enrollment station Web pages.
Back to the top
This problem occurs if the following conditions are true:
| • | The certificate template has been configured to use the CA certificate manager approval option on the Issuance Requirements tab of the template properties dialog box. |
| • | The certificate template has not been set to require exactly one signature of an authorized certificate request agent. The smart card enrollment station ignores any templates that do not require exactly one authorized signature. |
Because of these conditions, the Version 2 Smart Card logon template may not appear in the Web page when you click the
Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station link. The smart card enrollment Web page does not support pending requests. If you want to implement pending approvals, you must write your own enrollment application code. Or, use a solution such as the Certificate Lifecycle Manager (CLM).
Back to the top
To resolve this problem, edit the custom template so that
the issuance requirements are set to require exactly one signature. To do this, follow these steps:
| 1. | Log on as an enterprise administrator to the computer from
which you administer your PKI infrastructure. |
| 2. | Click Start, click Run,
type mmc, and then click OK. |
| 3. | On the File menu, click Add/Remove
Snap-in. |
| 4. | Click Add. |
| 5. | Click Certificate Templates, click
Add, and then click Close. |
| 6. | Right-click the template that you want to edit, and then
click Properties. |
| 7. | Click the Issuance Requirements tab, click to clear the CA certificate manager approval check box. |
| 8. | Click to select the This number of authorized signatures
check box. Then, make sure that the value is set to 1. |
Back to the top
This
behavior is by design.
Back to the top
