This article describes the prerequisites for smart card logon to laptops and servers running Windows. Follow the links for instructions on how to make the required configurations.

Prerequisites for smart card logon in Active Directory

For smart card logon to work, make sure that the following is set up: 

In the Active Directory domain:

  1. Active Directory must trust the CA certificates of the certificate authority (CA) that issued the card certificates. 
    See Manually integrate third party CA in Active Directory
  2. The domain controllers must have been issued certificates that support smart card logon. 
    If they don't already have certificates, then follow the instructions in Issue domain controller certificates
  3. The domain controllers must have access to at least one of the following: 
    1. a valid certificate revocation list (CRL) 
    2. an Online Certificate Status Protocol (OCSP) responder 
    3. Authority Information Access (AIA) 

On the client:

  1. A card reader must be connected to the computer. 
  2. The computer must have the correct driver installed.
  3. A smart card must be available and contain certificates for the needed operation: authentication, signing or encryption. 
  4. Cryptographic Service Provider (CSP) software must be installed, for example Nexus Personal Desktop.
  5. The CA certificates must be imported into the truststore of the Windows client. 
    See Publish CA certificates to clients
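
Several of the prerequisites above can be checked from a domain-joined Windows client. The PowerShell script below is an added example, not part of the original article. It assumes the logon certificate has been exported from the card to the hypothetical path `C:\Temp\card-logon.cer`, and it relies on Windows distributing the CA certificates trusted for smart card logon through the enterprise NTAuth store.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example. Assumption: the card's logon certificate was exported to the
# file below (hypothetical path). Run on the Windows client.
param([string]$CardCertPath = 'C:\Temp\card-logon.cer')

$report = [ordered]@{}

# Client items 1-2: a reader is connected and its driver loaded without errors.
$readers = Get-PnpDevice -Class SmartCardReader -PresentOnly -ErrorAction SilentlyContinue
$report['Card reader present, driver OK'] = [bool]($readers | Where-Object Status -eq 'OK')

# Client item 3: the certificate allows authentication, i.e. its EKU lists
# Smart Card Logon (1.3.6.1.4.1.311.20.2.2) or Client Authentication (1.3.6.1.5.5.7.3.2).
$cert = [X509Certificate2]::new($CardCertPath)
$eku  = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$oids = foreach ($o in $eku.EnhancedKeyUsages) { $o.Value }
$authOids = '^(1\.3\.6\.1\.4\.1\.311\.20\.2\.2|1\.3\.6\.1\.5\.5\.7\.3\.2)$'
$report['Card certificate allows authentication'] = [bool]($oids -match $authOids)

# Build the chain with online revocation checking and collect the status flags.
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot
$null  = $chain.Build($cert)
$flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

# Client item 5: the CA certificates are in this client's truststore.
$report['CA chain trusted on this client'] = -not ($flags -match 'UntrustedRoot|PartialChain')

# Domain item 3, seen from this machine: CRL/OCSP/AIA locations answer.
# The domain controllers need the same reachability, so repeat the check there.
$report['Revocation status retrievable'] = -not ($flags -match 'RevocationStatusUnknown|OfflineRevocation')

# Domain item 1: the issuing CA is in the enterprise NTAuth store, which
# domain-joined machines cache under this registry key.
$issuer = if ($chain.ChainElements.Count -gt 1) { $chain.ChainElements[1].Certificate }
$ntAuth = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$report['Issuing CA published in NTAuth'] = [bool]($issuer -and (Test-Path "$ntAuth\$($issuer.Thumbprint)"))

$report.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```

A `CHECK` result marks a prerequisite to revisit. A partial chain also causes the revocation line to report `CHECK`, so resolve trust problems first.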

Troubleshooting

For more information, see the following links: