3.0.1

Table Of Contents
VMware, Inc. 83
Chapter 5 Client Management
Obtaining a Root Certificate
YoumustobtaintherootcertificatefromtheCAthatsignedthecertificatesonthesmart
cardspresentedbyyourusers.Therootcertificateisobtainedfromoneofthefollowing
sources:
MicrosoftIISserverrunningMicrosoftCertificateServices.Theprocedurefor
installingMicrosoftIIS,issuingcertificates,anddistributingtheminyour
organizationexceedsthescopeofthisguide.RefertothefollowingWebresources
tolearnmoreaboutthesetasks:
HowtoInstallIISonWindowsServer2003:
http://technet.microsoft.com/library/aa998483.aspx
ManagingMicrosoftCertificateServices:
http://technet.microsoft.com/library/bb727098.aspx
ThepublicrootcertificateofatrustedthirdpartyCA.Thisisthemorelikely
sourceinenvironmentswithapreexistingsmartcardinfrastructureanda
standardizedapproachtosmartcarddistributionandauthentication(forexample,
governmentalormilitaryestablishments).
Onceyouhavedeterminedthecorrectcertificatetobeused,lookingatthesi
gning
chainwilllistaseriesofsigningauthorities.Usuallythebestcertificatetoselectisthe
intermediateauthorityimmediatelyabovetheusercertificate.Checkthatthisisnot
usedtosignothercertificatesonthecard.
Exporting a Root Certificate from a User Certificate
IfyoudonothavetherootcertificateoftheCAbuthavebeenprovidedwithaCA
signedusercertificate,orasmartcardthatcontainsone,youcanexporttheroot
certificatefromthisinformationiftherootcertificateistrustedbyyoursystem.
To export a root certificate from a user certificate
1StartInternetExplorerandclickTo
ols>InternetOptions.
2UndertheContenttab,clickCertificates.
N
OTEIfyouhavebeenprovidedwithasmartcardthatcontainsausercertificate,
insertthesmartcardintothereader.Inmanycasesthiswillautomaticallyaddtheuser
certificatetoyourpersonalstore.Ifthisdoesnothappenyoumustusethesoftwarethat
accompaniesthereadertoexporttheus
ercertificatetoafilewhichyoucanthenimport
intoInternetExplorerduringthefollowingprocedure.