Tobi, I used w2k certifcates from w2k certificate service and that worked fine. Microsoft stated that non w2k certificates are not supported e.g. verisign (i wanted these but didn't work default) Only when you add different vendor software it will work.
met vriendelijke groet, with kind regards, Bas Hendriks [EMAIL PROTECTED] Pinkroccade, PRInS, TES, Webhosting Fauststraat 1 Apeldoorn +31(0) 55577 8062 +31(0) 62952 6542 -----Original Message----- From: Tobi Anton [mailto:[EMAIL PROTECTED] Sent: donderdag 13 november 2003 11:25 To: [EMAIL PROTECTED] Subject: Win 2000 Smartcard Logon - need help... Hi, I'm trying to logon to my Win 2000 server by using smartcard logon. It doesn't work yet and I don't know how to go on. This is what I got: I generated a client certificate with 0.9.8-dev. The openssl.conf looks like this: ... # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[EMAIL PROTECTED] # Copy subject details # issuerAltName=issuer:copy nsCaRevocationUrl = http://mydomain.de/crl.crl nsBaseUrl = http://mydomain.de/test nsCaPolicyUrl = http://mydomain.de/policy.pdf crlDistributionPoints=URI:http://mydomain/crl.crl #end ... I imported the ca signed client certificate (private key included) on the smartcard. I imported the client certificate to the user profile in Active Directory. I then imported the CA certificate into the NTAuth store as described in MS Knowledge Base article 295663. I also imported it as a trusted party into the Default Domain Policy in Active Directory. The logon fails with the error, that my permission can't be verified. Who has an idea what else I need to do? After some research the openssl.conf looks good to me!? I think there's just something on the Microsoft side I need to setup. What do you think? Thanks, Tobi ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
BEGIN:VCARD VERSION:2.1 N:Hendriks;Bas FN:Hendriks Bas ORG:PinkRoccade;Pink Online Apeldoorn TEL;WORK;VOICE:- EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20031013T131013Z END:VCARD
