I'm trying to log on to my Win 2000 server using smartcard logon. It doesn't work yet and I don't know how to go on. This is what I've got:
I generated a client certificate with 0.9.8-dev. The openssl.conf looks like this:
...
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[EMAIL PROTECTED]
# Copy subject details
# issuerAltName=issuer:copy
nsCaRevocationUrl = http://mydomain.de/crl.crl
nsBaseUrl = http://mydomain.de/test
nsCaPolicyUrl = http://mydomain.de/policy.pdf
crlDistributionPoints=URI:http://mydomain/crl.crl
#end
...
I imported the CA-signed client certificate (private key included) onto the smartcard. I imported the client certificate to the user profile in Active Directory. I then imported the CA certificate into the NTAuth store as described in MS Knowledge Base article 295663. I also imported it as a trusted party into the Default Domain Policy in Active Directory.
The logon fails with the error that my permission can't be verified.
Who has an idea what else I need to do? After some research the openssl.conf looks good to me!? I think there's just something on the Microsoft side I need to set up. What do you think?
Thanks, Tobi
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]