To dump existing certficate used for authentication by the current user:
It is also possible to just request a certificate using default templates (see AD CS to obtain a list of CAs):
Mimikatz can be used to dump certificates to disk (password is “mimikatz”).
To use the certificate to obtain TGT (paste base64-encoded certificate; ticket encryption type is set to AES256 for stealth):