Smartcard implementations


Smartcard implementations

by blainedw



Hi all,

My next hurdle with OpenCA (along with my many other hurdles) is to generate smartcard certificates. I was wondering how others managed to do this. Any lessons learned? Software addons that are needed? We will be issuing the smartcards from a central office. We want to generate the certificates from OpenCA but be able to use them in Windows and other operating systems. We do not want to use Windows CA services for several political and technological reasons. Any help or feedback would be appreciated.

Dave


This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.
_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: Smartcard implementations

by Mike Wiseman-2


We have developed some homegrown tools for smartcard management with OpenCA. Our environment is mainly Windows XP and Vista, Aladdin eToken and the application is two-factor authentication to OpenVPN. OpenVPN is used as a shim to get two-factor auth for two legacy Windows fat clients.

We have a tool to enrol a new user by an administrator: generate the RSA keypair on the eToken using a utility built using the eToken SDK, create a CSR using the OpenSSL engine option, sscep the CSR to the OpenCA RA. The tool can be used later to pick up the issued cert and store it on the eToken. We also added token password recovery, user self renewal, delegated token/cert issuance. These are being used in a pilot with about 30 staff.

With this, we're still looking at Microsoft's ILM/CLM product since it has a lot of smartcard management functionality built in.

Mike

Mike Wiseman
Computing and Networking Services
University of Toronto

From: blainedw@... [mailto:blainedw@...]
Sent: June-22-09 1:17 PM
To: openca-users@...
Subject: [Openca-Users] Smartcard implementations

 


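The pickup step described in the reply above (fetch the issued cert and store it on the eToken) is a natural point to check that the certificate binds the same public key as the CSR made from the on-token key. The script below is an added example, not part of the thread or of the tools it mentions; software RSA keys stand in for the token key so it runs offline, and the function names, file names and subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Software RSA keys stand in for the
# on-token key; all file names and subjects below are constructed.

# SHA-256 of the DER public key in a CSR ($1=req) or a certificate ($1=x509).
pubkey_fp() {
    fp_pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$fp_pem" ] || return 1   # never hash empty input
    printf '%s\n' "$fp_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Proof of possession: the CSR's self-signature verifies under its own key.
# Match on the message; the exit status is not reliable across OpenSSL versions.
csr_pop_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeeds only if the certificate carries the key the CSR was made with.
cert_matches_csr() {
    csr_pop_ok "$1" || return 1
    m_req=$(pubkey_fp req "$1") || return 1
    m_crt=$(pubkey_fp x509 "$2") || return 1
    [ "$m_req" = "$m_crt" ]
}

# Constructed inputs: a CSR and a cert on one key, plus a cert on another key.
# The self-signed certs stand in for what the CA would return.
make_constructed_inputs() {
    openssl genrsa -out "$1/token.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/token.key" -subj "/CN=constructed-user" \
        -out "$1/req.pem" &&
    openssl req -new -x509 -key "$1/token.key" -subj "/CN=constructed-user" \
        -days 1 -out "$1/issued.pem" &&
    openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
        -subj "/CN=constructed-user" -days 1 -out "$1/other.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_inputs "$demo_dir"
cert_matches_csr "$demo_dir/req.pem" "$demo_dir/issued.pem" &&
    echo "issued.pem: key matches CSR, ok to store on token"
cert_matches_csr "$demo_dir/req.pem" "$demo_dir/other.pem" ||
    echo "other.pem: key mismatch, do not store"
rm -rf "$demo_dir"
```

With a real token the CSR would come from the OpenSSL engine step in the reply, and only the two PEM files need to be readable for the check.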