- Article
To enroll and renew software certificates you don’t have to be an administrator and you don’t need a virtual smart card. It’s worth noting that at some point you will be prompted to allow a certificate operation and this is normal.
Create a software certificate Profile Template in MIM 2016 Certificate Manager
Create a template for the certificate that you will request for the virtual smart card. Open the mmc.
Click File, and then click Add/Remove Snap-in.
In the available snap-ins list, click Certificate Templates, and then click Add.
Certificate Templates is now located under Console Root in the MMC. Double-click it to view all the available certificate templates.
Right-click the User template, and click Duplicate Template.
On the Compatibility tab under Certification Authority Select Windows Server 2008 and under Certificate Recipient select Windows 8.1 / Windows Server 2012 R2.
On the General tab, in the display name field type Archived Certificate Template.
b.On the Request Handling tab
Set the Purpose to Signature and encryption.
Check Include symmetric algorithms allowed by the subject.
If you want to archive the key, check Archive subject’s encryption private key.
Under Do the following… select Prompt the user during enrollment.
On the Cryptography tab
Under Provider Category select Key Storage Provider
Select Requests can use any provider available on the subject's computer.
On the Security tab, add the security group that you want to give Enroll access to. For example, if you want to give access to all users, select the Authenticated users group, and then select Enroll permissions for them.
See AlsoExporting a .pfx using MMCOn the Subject Name tab
Uncheck Include e-mail name in subject name.
Under Include this information in alternate subject name, uncheck Email name.
Click OK to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates.
Select File, then click Add/Remove Snap-in to add the Certification Authority snap-in to your MMC console. When asked which computer you want to manage, select Local Computer.
In the left pane of the MMC, expand Certification Authority (Local), and then expand your CA within the Certification Authority list.
Right-click Certificate Templates, click New, and then click Certificate Template to Issue.
From the list, select the new template that you just created (Archived Certificate Template), and then click OK.
Create the Profile Template
Log into the CM portal as a user with administrative privileges.
Go to Administration > Manage Profile templates and make sure that the box is checked next to MIM CM Sample Smart Card Logon Profile Template and then click on Copy a selected profile template.
Type the name of the profile template and click OK.
In the next screen, click Add new certificate template and make sure to check the box next to the CA name.
Check the box next to the name of the Archived Software Certificate and click Add.
Remove the User template by checking the box next to it and then clicking Delete selected certificate templates and then OK.
Click Change general settings.
Check the boxes to the left of Generate encryption keys on the server and click on OK. On the left pane, click on Recover Policy.
Click Change general settings.
If you want to reissue archived certificates, check the boxes to the left of Reissue archived certificates and click on OK.
If you are using the Virtual Smart Card CM, you have to disable data collection items because it doesn't work with data collection on. Disable data collection for each and every policy by clicking on the policy in the left pane, and then unchecking the box next to Sample data item and then click Delete data collection items. Then click OK.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for
