Create the Smartcard Logon Template

Log onto the certificate authority server, then launch the Microsoft Management Console (MMC) and click File then Add/Remove Snap-in.
In the “Add or Remove Snap-ins” list, choose Certificate Templates, then click Add.
Double-click on the Certificate Template under Selected snap-ins, then right click on the Smartcard Login template. Choose Duplicate Template.
Navigate to the Compatibility tab and check to make sure the operating system versions of the Certificate Authority and Certificate recipient are appropriately selected for your environment.
In the General tab, create a Template Display Name for the template, then select Publish certificate in Active Directory. Additionally, specify the appropriate template validity and renewal period for your environment. I.E _TruUSmartCardLogon

NOTE: Do not leave any spaces in the name of the Template display name. Also the Publish certificate in Active Directory is optional if your company policy doesn’t allow this.

6. Navigate to the Issuance Requirements tab, select This number of authorized signatures checkbox and set the number of authorized signatures to 1. Then, select Policy type required in signature setting to Application Policy and the Application Policy setting to Certificate Request Agent.

Navigate to the Cryptography tab and set the following settings for Key Storage Provider (KSP) support:
Navigate to the Security tab, add the Server that the CA Adapter is Installed on with Read, Write and Enroll permissions. Then, select the TruU service account with Read, Write and Enroll permissions. Click Apply to complete setup in this tab. Then, click OK.

Next, navigate to your Certificate Authority tab and click the Certificate Templates folder. Right-click on the folder and choose New then Certificate Template to Issue.