[SmartcardServices-Users] [OT] MS CA and OpenSC
Miller, Timothy J.
tmiller at mitre.org
Mon Nov 18 05:11:12 PST 2013
While it is possible to circumvent the "unexportability" of keys on Windows, I won't go into exactly how in this forum (the interested reader can go investigate how DPAPI works, how DPAPI protected objects are formatted, research how CAPI stores private keys, and after some quality time with a hex file editor the answer will be obvious :).
It will be simpler and quicker (though less edifying) to create your CSRs elsewhere and submit to the MS CA if web-based enrollment is enabled, or build your own PKI to enable PKINIT. Requirements for all of this are here:
http://blogs.technet.com/b/instan/archive/2011/05/17/smartcard-logon-using-certificates-from-a-3rd-party-on-a-domain-controller-and-kdc-event-id-29.aspx
And here:
http://msdn.microsoft.com/en-us/library/bb905527.aspx
-- T
________________________________________
From: smartcardservices-users-bounces at lists.macosforge.org [smartcardservices-users-bounces at lists.macosforge.org] on behalf of Yoann Gini [yoann.gini at gmail.com]
Sent: Saturday, November 16, 2013 07:54
To: smartcardservices-users at lists.macosforge.org
Subject: [SmartcardServices-Users] [OT] MS CA and OpenSC
Hi folks,
Before being able to make PKINIT work with OS X and Active Directory, I need to be able to create a certificate with the right capabilities.
MS CA has a specific template made for smart card authentication that needs to be used to create a certificate that supports PKINIT.
The problem I have is, this certificate when created is marked as un-exportable, so I can’t just create a p12 on Windows and load it on my smart card from an OS X computer. I have to make my OpenSC SmartCard fully functional on a Windows system to be able to create and load my certificate directly from a Windows system that can run the MMC Certificate administrative tool.
And here is the problem, I’ve installed the OpenSC driver on my Windows but the system doesn’t recognize it correctly.
I’m clearly off topic here but since the final goal is the SmartCard on OS X, I hope you won’t blame me…
So, if someone here has experience with OpenSC and Windows, I would like some quick help :-)
Best regards,
Yoann.