A custom smart card template is unavailable on the smart card enrollment station (313629)

CAUSE

This problem occurs if the following conditions are true:

The certificate template has been configured to use the CA certificate manager approval option on the Issuance Requirements tab of the template properties dialog box.
The certificate template has not been set to require exactly one signature of an authorized certificate request agent. The smart card enrollment station ignores any templates that do not require exactly one authorized signature.

Because of these conditions, the Version 2 Smart Card logon template may not appear in the Web page when you click the Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station link. The smart card enrollment Web page does not support pending requests. If you want to implement pending approvals, you must write your own enrollment application code. Or, use a solution such as the Certificate Lifecycle Manager (CLM).

RESOLUTION

To resolve this problem, edit the custom template so that the issuance requirements are set to require exactly one signature. To do this, follow these steps:

Log on as an enterprise administrator to the computer from which you administer your PKI infrastructure.
Click Start, click Run, type mmc, and then click OK.
On the File menu, click Add/Remove Snap-in.
Click Add.
Click Certificate Templates, click Add, and then click Close.
Right-click the template that you want to edit, and then click Properties.
Click the Issuance Requirements tab, click to clear the CA certificate manager approval check box.
Click to select the This number of authorized signatures check box. Then, make sure that the value is set to 1.

A custom smart card template is unavailable on the smart card enrollment station (313629)

SYMPTOMS

CAUSE

RESOLUTION

STATUS