If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.

Procedure

  • On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store.
    For example: certutil -dspublish -f path_to_root_CA_cert NTAuthCA

Results

The CA is now trusted to issue smart card login or domain controller certificates.
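
To confirm the result, the following added example (not part of the original procedure or any vendor tooling) wraps the certutil command above and then reads the NTAuth store back from Active Directory to check that the intended thumbprint is present. It assumes Windows PowerShell 5.1 on a domain-joined host and an account permitted to write to the configuration partition; `$RootCertPath` is a placeholder, and the `NTAuthCertificates` LDAP object and the registry cache path are the standard Active Directory locations for this store rather than values taken from this page.

```powershell
param(
    [Parameter(Mandatory)]
    [string] $RootCertPath   # placeholder: exported root CA certificate (.cer/.crt)
)
$ErrorActionPreference = 'Stop'
$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Load the file first so the thumbprint can be compared with the value the CA
# owner published out of band before the certificate is trusted for logon.
$path = (Resolve-Path $RootCertPath).ProviderPath
$root = $X509::new($path)
"Subject:    $($root.Subject)"
"Thumbprint: $($root.Thumbprint)"
"Expires:    $($root.NotAfter)"
if ($root.Subject -ne $root.Issuer) {
    Write-Warning 'Certificate is not self-signed; confirm it is the intended CA certificate.'
}

# The command from the procedure above.
certutil -dspublish -f $path NTAuthCA
if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE" }

# Read the store back from the configuration partition. Each value of the
# cACertificate attribute is one DER-encoded certificate.
[string] $configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$ntAuth = [ADSI]"LDAP://CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"
$published = @(foreach ($raw in $ntAuth.psbase.Properties['cACertificate']) {
    $X509::new([byte[]]$raw)
})

# List every CA in the store: each entry is trusted to issue logon
# certificates for the whole forest, so unexpected entries deserve a look.
$published | Sort-Object NotAfter |
    Format-Table Thumbprint, NotAfter, Subject -AutoSize

if ($published.Thumbprint -notcontains $root.Thumbprint) {
    throw 'Root certificate not found in NTAuthCertificates (replication may still be pending).'
}
'Root certificate is published in the Enterprise NTAuth store.'

# Domain members use a local copy of the store that is refreshed by Group Policy.
$cache = "HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates\$($root.Thumbprint)"
if (Test-Path $cache) {
    'Present in this machine''s local NTAuth cache.'
} else {
    'Not yet in the local cache; it arrives with the next Group Policy refresh (gpupdate /force).'
}
```

The read-back uses a serverless LDAP bind, so it may query a different domain controller than the one certutil wrote to; rerun the check after replication if the thumbprint is missing.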