Hello there Nicholas On Saturday 05 July 2003 21:09, Nicholas Roussos wrote: > I was wondering how many of you out there use OpenCA seriously in a real > company setting, and if you actually implemented your PKI with token > support (e.g. smartcards). It would be very interesting if any of you > that did something like this could share your experience with the list. > > How difficult was it to integrate smartcard support? What was needed? > What equipment? Are you satisfied with the results? Was it easily > adopted by your users? > We run a couple of OpenCA CAs that support user based smart cards.
Both of the environments have only Microsoft users and so supporting smartcards is really easy. As long as the users have got a smartcard with an appropriate CSP (the bit of software that sits between the smart card and the IE Browser) then there is no configuration at all. The user just selects the CSP appropriate to their smartcard from the list of CSPs the OpenCA script finds on their PC. It is the CSP that then genrates the keys and CSR. We sucessfully use, GemPlus smartcard, Utimaco smartcard, Rainbow iKey USB token and Rockey USB token. I am sure all of the other type will also work as long as there is an IE supported CSP. All smartcard "systems" come with a manager type program and a user type program. The manager is used to set up the smart cards and initialise pins etc. The user program is used to manage local pin numbers and register the keys and certs with IE (and the Microsoft crypto store). I hope this helps. Chris... ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
