really useful article, thanks!!!
I have just tried setting it up using a Yubikey as a PIV smartcard and using the Private Key to generate the ADCA. using the -KeyContainerName switch. I got the key container name from certutil -scinfo
It works!!! - well, kinda. The CACommonName is set to the key container name and it will not accept the CACommonName switch.
Any ideas how to get around this or change the key container name ?