Do I need to install Certification Authority on a domain controller?

Do I need to install the Certification Authority on a domain controller in order to have Smart Card logon working, or can it be installed on another server?

It is not necessary to have the CA on the domain controller, nor is it advised. However, you must install an Enterprise CA. An Enterprise CA integrates with Active Directory; that is, user and computer accounts in Active Directory can be issued certificates. An Enterprise CA is also necessary in order to issue smart card certificates. The Enterprise CA can be installed on any Windows 2000 or Windows Server 2003 computer joined to the domain; however, I would recommend that it be a server dedicated to this purpose.

