![]() If you just built a new Certificate Authority server then True SSO won’t work until you run gpupdate /force on all of your Domain Controllers and Horizon Agent machines. Or wait several hours for group policy to update. On the Certificate Authority machine, from Start Menu, run Certification Authority.Right-click the Certificate Templates node and click Manage.Right-click the Smartcard Logon template and click Duplicate Template.On the Compatibility tab, change the drop-down for Certification Authority to Windows Server 2008 R2.Change the drop-down for Certificate recipient to Windows 7 / Server 2008 R2.On the General tab, name it True SSO or similar.Change the Validity Period to 1 day or similar.On the Request Handling tab, change the drop-down for Purpose to Signature and smartcard logon.Check the box next to For automatic renewal of smart card certificates, use the existing key if a new key cannot be created. ![]() On the Cryptography tab, change the drop-down for Provider Category to Key Storage Provider.On the Server tab, check the top box for Do not store certificates and requests in the CA database.Uncheck the bottom box for Do not include revocation information in issued certificates.On the Issuance Requirements tab, check the box next to This number of authorized signatures and enter 1 as the value.Change the drop-down for Policy type required in signature to Application policy.Change the drop-down for Application policy to Certificate Request Agent. ![]()
0 Comments
Leave a Reply. |