Abstract
The last type of digital certificate we will be creating with AD Certificate Services is again similar to a TLS Client certificate, except that it is used for cryptographic (“smart card”) logon with Windows. These are usually distributed in credit card-like PKI smart cards, hence the Windows computer needs some kind of smart card reader. This is a major improvement in security in an organization using Microsoft networks (over password based authentication). The Windows logon certificate is not used as a second factor, but replaces the password with cryptographic authentication. Some organizations use the same smartcard as a picture ID for each user, and they can even be used to unlock doors if desired. This is an application where Active Directory Certificate Services really shines, due to its tight integration with the organization’s Active Directory. These certificates can be created centrally by a security admin, or be requested by the end-users if they have the ability to load them into a smart card.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature
About this chapter
Cite this chapter
Hughes, L.E. (2022). Issue and Manage Windows Logon Certificates. In: Pro Active Directory Certificate Services. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7486-6_17
Download citation
DOI: https://doi.org/10.1007/978-1-4842-7486-6_17
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-7488-0
Online ISBN: 978-1-4842-7486-6
eBook Packages: Professional and Applied ComputingApress Access BooksProfessional and Applied Computing (R0)