some missing advice, from the userguide - on creating the MS cert server,
for login smartcard enrollment:
(a) first assign server role : domain controller (to install active
directory, for one)
(b) then add the IIS/ASP role
(c) then add certificate server component, creating an enterprise Root
(only)
These steps are required, in that order, so that the certificate templates
to exist in the management console for the created CA website - per the
current instructions.
From: Corcoran David <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[email protected]>
To: MUSCLE <[email protected]>
Subject: Re: [Muscle] ID ally update
Date: Tue, 1 Nov 2005 12:24:12 -0500
Hi Peter,
Personalize might be failing as it is calling into an added apdu which
allows one to change the unblock pin. I can send the details of this APDU
if you would like.
If you import the P12 using ID Ally, it should register the certificate
only with the CSP. The private key stays on the card and would be used
with any CAPI application.
For win logon, you will need to get a certificate from your Microsoft 2003
CA using the Xenroll (http://xxxxxxxxxxx/certsrv) This should be in the
User guide on the IDA website.
So you wish for the pin dialog to have the application name in the title ?
This should be easy to do as the pin dialog is in a separate resource
dll.
Thanks,
Dave
On Oct 31, 2005, at 8:14 PM, Peter Williams wrote:
So I tried again, and finally got outlook to sign an email using ID ally!
Deleting some obviously non-Rom'ed packages on the javacard allowed the
keygen to work, and thus self-signed certs to get created.
Three questions now:
(a) when I create a backup .p12 file (store on my bio-flash drive), and
use said .p12 to configure outlook, would I be configuring outlook to use
the javacard (via CPS/PKCS#12), or is it importing the persisted
credentials and keys into the MS cyrpto rpovider, for CPU/software CSP
usage?
(b) whats the simplest demo now of windows login - using the card?
(c) can we explain the personalise option (again). I cant get things to
work, if I change the default 0000oooo pin.
One issue: my bio-token selects the credentials to send to a pin- entry
form based on the dialog frame title. Can we improve the title text in
the id ally pin entry dialog, so it identies the application it belongs
too - rather than invite the user to perform an operation?
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
------------------------------------------------------------------------
------------
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
phone: 260-488-3099 fax: 260-488-2455
Smart Cards, Biometrics, Training, Identity Management
------------------------------------------------------------------------
-------------
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
