Create Certificate for Windows smart card logon

[shb256]

Hello,

i try to get logon on Windows 11 with a yubikey an a samba ad
At first I used this tutorial to setup the certificates
everythink works as expected.
Then I ve setup ejbca the same way and it had generated certificated which worked the same way

Now Microsoft hast changend the certificates with the update 04 22 (KB5014754)
take a look here https://www.gradenegger.eu/?p=18373#more-18373

now ejbca ee has added the support for the szOID_NTDS_CA_SECURITY_EXT exention.

is there a way to add this extension to ejbca ce? And how is it to add?

thanks a lot

[primetomas]

Option 1. You can configure Windows to not require the extension, which is still secure if your AD is configured securely.
Option 2: You can use custom extensions in EJBCA CE to add anything you like.