If you’re using a third-party certification authority (CA) to issue smart card login or DC certificates, you need to import that CA’s certificates into the Enterprise NTAuth Store of Active Directory (AD). The NTAuth Store is an AD object, located under the configuration container of the forest.
Adding the third-party certificates to the NTAuth Store confirms that the CA is trusted to issue the types of certificates mentioned above. Note that Windows CAs automatically publish their CA certificates to the NTAuth Store.
Here’s how you can import a third-party certification authority certificate. This method works with a DER encoded binary X.509 or Base-64 encoded X.509 certificate (.cer) file.
Import 3rd Party CA Certificates To Enterprise NTAuth Store In Active Directory
1. Press Windows + R, type mmc.exe in the Run dialog, and hit the Enter key to open Microsoft Management Console.
2. In the Console window, click File > Add/Remove Snap-in.
3. Under Add or Remove Snap-ins, look for Enterprise PKI and click Add, then click OK.
4. Back in the Console window, right-click Enterprise PKI and select Manage AD Containers.
5. Next, in Manage AD Containers, click Add.
6. In the browser window, navigate to your certificate (.cer) file and open it.
7. If the certificate is OK, it should be imported right away. Now, in Manage AD Containers, switch to the NTAuthCertificates tab, then click the View button.
8. The Certificate window should now open, and you can click the Install Certificate button to install the certificate.
That’s it!
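The same import can be scripted and checked from PowerShell. The following is an added example, not part of the original article: it inspects the .cer file, publishes it with certutil, then reads the NTAuthCertificates object back from the configuration container to confirm the thumbprint is present. The file path is a placeholder, and the script assumes a domain-joined machine and an account allowed to write to the configuration container (typically Enterprise Admins).

```powershell
# Added example. $CerPath is a placeholder; point it at your third-party CA's .cer file.
param([string]$CerPath = 'C:\Temp\ThirdPartyCA.cer')
$ErrorActionPreference = 'Stop'

# 1. Inspect the file before trusting it forest-wide (DER and Base-64 .cer both load).
$path = (Resolve-Path $CerPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter | Out-Host

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period."
}

# Policy choice of this example: refuse anything not marked as a CA certificate.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Basic Constraints does not mark this as a CA certificate."
}

# 2. Publish to the NTAuth store in AD (command-line equivalent of the MMC steps).
certutil.exe -f -dspublish $path NTAuthCA
if ($LASTEXITCODE -ne 0) { throw "certutil -dspublish failed (exit code $LASTEXITCODE)." }

# 3. Read the AD object back and confirm the certificate is really there.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = $rootDse.Properties['configurationNamingContext'].Value
$ntAuth   = [ADSI]"LDAP://CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"

$published = foreach ($raw in $ntAuth.Properties['cACertificate']) {
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
}
$published | Format-Table Thumbprint, NotAfter, Subject -AutoSize | Out-Host

if ($published.Thumbprint -notcontains $cert.Thumbprint) {
    throw "Thumbprint $($cert.Thumbprint) not found in NTAuthCertificates."
}
Write-Host "Published and verified: $($cert.Thumbprint)"
```

The table printed in step 3 is also a quick audit of every CA currently trusted for smart card login and DC certificates in the forest; any entry you do not recognize deserves a closer look.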