|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Muscle] ID ally update
From: Peter Williams (home_pw
msn.com)
Date: Mon Nov 07 2005 - 21:24:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
some missing advice, from the userguide - on creating the MS cert server,
for login smartcard enrollment:
(a) first assign server role : domain controller (to install active
directory, for one)
(b) then add the IIS/ASP role
(c) then add certificate server component, creating an enterprise Root
(only)
These steps are required, in that order, so that the certificate templates
to exist in the management console for the created CA website - per the
current instructions.
>From: Corcoran David <corcoranidentityalliance.com>
>Reply-To: MUSCLE <musclelists.musclecard.com>
>To: MUSCLE <musclelists.musclecard.com>
>Subject: Re: [Muscle] ID ally update
>Date: Tue, 1 Nov 2005 12:24:12 -0500
>
>Hi Peter,
>
>Personalize might be failing as it is calling into an added apdu which
>allows one to change the unblock pin. I can send the details of this APDU
>if you would like.
>
>If you import the P12 using ID Ally, it should register the certificate
>only with the CSP. The private key stays on the card and would be used
>with any CAPI application.
>
>For win logon, you will need to get a certificate from your Microsoft 2003
>CA using the Xenroll (http://xxxxxxxxxxx/certsrv) This should be in the
>User guide on the IDA website.
>
>So you wish for the pin dialog to have the application name in the title ?
> This should be easy to do as the pin dialog is in a separate resource
>dll.
>
>Thanks,
>Dave
>
>On Oct 31, 2005, at 8:14 PM, Peter Williams wrote:
>
>>
>>So I tried again, and finally got outlook to sign an email using ID ally!
>>Deleting some obviously non-Rom'ed packages on the javacard allowed the
>>keygen to work, and thus self-signed certs to get created.
>>
>>Three questions now:
>>
>>(a) when I create a backup .p12 file (store on my bio-flash drive), and
>>use said .p12 to configure outlook, would I be configuring outlook to use
>>the javacard (via CPS/PKCS#12), or is it importing the persisted
>>credentials and keys into the MS cyrpto rpovider, for CPU/software CSP
>>usage?
>>
>>(b) whats the simplest demo now of windows login - using the card?
>>
>>(c) can we explain the personalise option (again). I cant get things to
>>work, if I change the default 0000oooo pin.
>>
>>One issue: my bio-token selects the credentials to send to a pin- entry
>>form based on the dialog frame title. Can we improve the title text in
>>the id ally pin entry dialog, so it identies the application it belongs
>>too - rather than invite the user to perform an operation?
>>
>>
>>_______________________________________________
>>Muscle mailing list
>>Musclelists.musclecard.com
>>http://lists.drizzle.com/mailman/listinfo/muscle
>>
>>
>
>------------------------------------------------------------------------
>------------
>David Corcoran corcoranidentityalliance.com
> Identity Alliance http://www.identityalliance.com
> phone: 260-488-3099 fax: 260-488-2455
>
> Smart Cards, Biometrics, Training, Identity Management
>------------------------------------------------------------------------
>-------------
>
>
>_______________________________________________
>Muscle mailing list
>Musclelists.musclecard.com
>http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]