ok. I finally got the musclecardII on a JCOP 21 to do an SSL client
authentication exchange, presenting a domain-recognised id as credentials to
an IIS website.
If I now issue a cert to template Smartcard Login, can I use the same
process now for GINA-mediated login to the domain controller, on a 2003 box
(with reader)?
Any gotchas?
From: "Peter Williams" <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[email protected]>
To: [email protected]
Subject: Re: [Muscle] ID ally update
Date: Mon, 07 Nov 2005 19:24:52 -0800
some missing advice, from the userguide - on creating the MS cert server,
for login smartcard enrollment:
(a) first assign server role : domain controller (to install active
directory, for one)
(b) then add the IIS/ASP role
(c) then add certificate server component, creating an enterprise Root
(only)
These steps are required, in that order, so that the certificate templates
exist in the management console for the created CA website - per the
current instructions.
From: Corcoran David <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[email protected]>
To: MUSCLE <[email protected]>
Subject: Re: [Muscle] ID ally update
Date: Tue, 1 Nov 2005 12:24:12 -0500
Hi Peter,
Personalize might be failing as it is calling into an added apdu which
allows one to change the unblock pin. I can send the details of this
APDU if you would like.
If you import the P12 using ID Ally, it should register the certificate
only with the CSP. The private key stays on the card and would be used
with any CAPI application.
For win logon, you will need to get a certificate from your Microsoft
2003 CA using the Xenroll (http://xxxxxxxxxxx/certsrv). This should be in
the User guide on the IDA website.
So you wish for the pin dialog to have the application name in the title?
This should be easy to do as the pin dialog is in a separate resource
dll.
Thanks,
Dave
On Oct 31, 2005, at 8:14 PM, Peter Williams wrote:
So I tried again, and finally got Outlook to sign an email using ID
ally! Deleting some obviously non-Rom'ed packages on the javacard
allowed the keygen to work, and thus self-signed certs to get created.
Three questions now:
(a) when I create a backup .p12 file (store on my bio-flash drive), and
use said .p12 to configure Outlook, would I be configuring Outlook to
use the javacard (via CPS/PKCS#12), or is it importing the persisted
credentials and keys into the MS crypto provider, for CPU/software CSP
usage?
(b) what's the simplest demo now of windows login - using the card?
(c) can we explain the personalise option (again). I can't get things to
work, if I change the default 0000oooo pin.
One issue: my bio-token selects the credentials to send to a pin-entry
form based on the dialog frame title. Can we improve the title text in
the id ally pin entry dialog, so it identifies the application it belongs
to - rather than invite the user to perform an operation?
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
------------------------------------------------------------------------
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
phone: 260-488-3099 fax: 260-488-2455
Smart Cards, Biometrics, Training, Identity Management
------------------------------------------------------------------------