To configure smart card authentication, you must obtain a root certificate and add it to a server truststore file, modify the Connection Server configuration properties, and configure smart card authentication settings. Depending on your particular environment, you might need to perform additional steps.

Note: Smart Card certificate validation based on user principal names (UPNs) is considered weak as per Microsoft’s security updates described in Microsoft KB5014754. Use the settings in Configure Certificate Mappings for Certificate-Based Authentication to change certificate mappings to one of the stronger types to avoid any interruption in user authentication. See VMware KB91595 for details.