The problem all started when Microsoft updated the security of systems by requiring a minimum key length of 1024. Please refer to Microsoft Security Advisory (2661254). In the past, we were using the "Smartcard logon" template that is built into Server 2008 R2. This created a certificate with a 512-bit public key and used the "sha1RSA" signature algorithm.
Because it is not possible to change the key size in the template, we duplicated the Smartcard logon template and modified it to use a 2048-bit key. When we re-issued certificates on our smart cards, it created certificates using the "RSASSA-PSS" signature algorithm. These cards work fine in Vista, 7 and 2008 but do not work in WinXP.
Can you please outline, in detail, exactly what steps need to be followed to create a template that can be used to issue cards with at least 1024-bit public keys that would work under XP?