We have developed some homegrown tools for smartcard management with OpenCA. 
Our environment is mainly Windows XP and Vista, Aladdin eToken and the 
application is two factor authentication to OpenVPN. OpenVPN is used as a shim 
to get two factor auth for two legacy Windows fat clients.

We have a tool to enrol a new user by an administrator: generate the RSA 
keypair on the eToken using a utility built using the eToken SDK, create a CSR 
using OpenSSL engine option, sscep the CSR to the OpenCA RA. The tool can be 
used later to pick up the issued cert and store it on the eToken. We also added 
token password recovery, user self renewal, delegated token/cert issuance. 
These are being used in a pilot with about 30 staff.

With this, we're still looking at Microsoft's ILM/CLM product since it has a 
lot of smartcard management functionality built in.

Mike


Mike Wiseman
Computing and Networking Services
University of Toronto



From: blain...@gdls.com [mailto:blain...@gdls.com]
Sent: June-22-09 1:17 PM
To: openca-users@lists.sourceforge.net
Subject: [Openca-Users] Smartcard implementations


Hi all,

My next hurdle with OpenCA (along with my many other hurdles) is to generate 
smartcard certificates. I was wondering how others managed to do this. Any 
lessons learned? Software add-ons that are needed? We will be issuing the 
smartcards from a central office. We want to generate the certificates from 
OpenCA but be able to use them in Windows and other operating systems. We do 
not want to use Windows CA services for several political and technological 
reasons. Any help or feedback would be appreciated.

Dave

