Udostępnij za pośrednictwem


Understanding and Managing the Certificate Stores Used for Smart Card Logon

Don Baker, a Senior PFE with our US Public Sector team, jotted down a cheat sheet that’ll be useful when configuring and troubleshooting Smart Card logons.

Okay, so the “cheat sheet” turned out to be more of a “cheat blanket” (or “cheat roll-of-blankets”), and the information is extensive!

One of the things I find challenging about PKI and specifically about smart card logon is remembering how and where to publish certificates. It seems like every time I work on an issue related to smart card logon, I need to re-learn the information. Today I decided to write it all down while it is “fresh”… This article will not explain how to implement a complete smart card logon solution, but instead explain in more detail how to manage the certificates and stores used for smart card logon.

Don then goes on to run through the different certificate stores available, their storage location, and top-level details of how they operate.

The original post Understanding and Managing Certificate Stores used for Smart Card Logon has all the gory details. I should re-emphasise – it’s not prescriptive, it’s just a set of potentially-useful information to have available when troubleshooting smart card logons (and what certificates should be published where to support them).

Bonus tip of mild relevance! If you’re using Windows 8 or Windows Server 2012, try hitting Start and typing CertLM.msc. It’s the local machine version of CertMgr.msc!


Posted by Tristan without his usual text templates. And! Anything-dot-MSC always reminds me of Formula 1. Ahhh.