Note: This article assumes the Windows Certification Authority is set up with the correct Smart Card certificate templates (see articles on Setting up a Smart Card for Self-Enrollment for the Windows Server version being used). In addition the client PC used for enrollment has to be joined to the Domain from which the certificate is issued.
To self-enroll a smart card certificate for yourself, ensure you are logged in as the correct user and run MMC.exe. The MMC console will appear.
Select "Add Remove Snap" from the file menu. Select Certificates and then "My User account" or "Current User". This may be the default options.
Under "Certificate“ Current user, right click the Personal directory, select "All Tasks" and select "Request New Certificate"
Click through the first screen to see the list of available templates.
Select the smart card user template created for self-enrollment and click next.
Enter the smart card user PIN and click OK.
Depending on the smart card and the key size chosen, the key and certificate enrollment process may take as long as 30 seconds. (Should you receive a security violation error saying the certificate request could not be created, click the Retry button.) On success the following appears:
At this point, the smart card is ready to be used for Windows logon!