The certificate must comply with the
x509 v3 standard. In particular, a certificate to be used with FRP must be valid (not expired or revoked), and must have
Key Encipherment as the key. For more information about certificate standards, see
http://www.ietf.org/.
IMPORTANT: Do not create a Windows 2008-based certificate; only Windows 2003-based certificates work with removable media encryption.
Certificate use for FRP
The certificate that you use for FRP can be a smart card/token and must be stored in the certificate manager (
certmgr.msc) on the local system. If the certificate is either present on the network or a USB device, the user must import it to
certmgr.msc on the local system to use the certificate. You can view the available certificates in the Certificate Store.