PKI User Certificate on Smart Card auto renewal ?

[booster]

Hello

I'm using a Enterprise issuing CA with an enrollment Station to issue smart
card certificate on behalf of users.

everything works fine.

now i'm not sure how to enable and configure the environment to make an
automatically renewal of the certificate on the smart card, without the user
visiting the Enrollment Agent.

Is it only necessary in the template, or do i have to configure a group
policy to initiate the renewal proces`s ?

Thanks,
--
~~~~~~~~~~~~~~~~~~~~
...is an MCSE 2003 and MCDBA
~~~~~~~~~~~~~~~~~~~~

 

[Saurav Sinha [MSFT]]

If Auto-enrollment is configured then in the template of the smartcard
certificate go to the "Issuance Requirements" tab and ensure "Valid Existing
certificate" radio button is checked for "require the following for
reenrollment" option.
Also you must have inserted the smart card into a reader attached to the
machine at least once for the certificate to be propagated to the store in
the machine

 

[booster]

Thank you, so no group policy settings are required, is that right ?
The certificate check is to ensure that the user has at least 1 issued
certificate from the enrollment agent.

I will try that.


--
~~~~~~~~~~~~~~~~~~~~
...is an MCSE 2003 and MCDBA
~~~~~~~~~~~~~~~~~~~~



"Saurav Sinha [MSFT]" wrote:

> If Auto-enrollment is configured then in the template of the smartcard
> certificate go to the "Issuance Requirements" tab and ensure "Valid Existing
> certificate" radio button is checked for "require the following for
> reenrollment" option.
> Also you must have inserted the smart card into a reader attached to the
> machine at least once for the certificate to be propagated to the store in
> the machine
>
>