Some info from Microsoft on setting up Active Directory for smart card authentication. Since we’re looking to use a non-Microsoft vendor for certificates, the information on using a 3rd party CA is particularly important.
- Smartcard logon using certificates from a 3rd party on a Domain Controller and KDC Event ID 29 - AD Troubleshooting Blog
- Requirements for Domain Controller Certificates from a Third-Party CA
- How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store
- Guidelines for enabling smart card logon with third-party certification authorities
- Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA
- Cryptography and Microsoft Public Key Infrastructure
I’ve accomplished this at home in a lab and it isn’t too hard. Once you have the appropriate certificates in place, the smart card provisioned, and the middleware installed, you’re almost there.