000031583 - Using SID800 to store a certificate for smart card logon

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 6

Article Content

Article Number: 000031583

Applies To
RSA Product Set : RSA Smart Card Solutions
RSA Product/Service Type : RSA Authentication Client
RSA Version/Condition : 3.6
Platform : Microsoft Windows

Issue
Customers have a requirement to store a certificate on the SID800 for smart card logon to a Microsoft Windows environment.

Tasks
RSA Authentication Client 3.6 software and documentation are available from URL https://knowledge.rsasecurity.com/scolcms/set.aspx?id=9588 with a registered account for RSA SecurCare Online.
Requirement: Microsoft Domain Controller, Microsoft Active Directory and Microsoft Certificate Authority (with the appropriate certificate templates configured for certificate [web] enrollment). Refer to Microsoft documentation for the installation and configuration of Microsoft software.

Where a third-party certificate authority is being used then refer to the following Microsoft articles
Resolution
RSA knowledge article # 000031583 assumes the customer has a working Microsoft Domain Controller, Microsoft Active Directory and Microsoft Certificate Authority (with the appropriate certificate templates configured for certificate [web] enrollment). This knowledge article provides only an overview of the steps for requesting and storing a certificate on the SID800 using RSA Authentication Client 3.6 software on a supported Microsoft Windows workstation.
Steps:

  1. Enter the Microsoft Certificate Authority (CA) URL (e.g. https://[CA_hostname]/certsrv) in a web browser.
  2. Depending on the Microsoft configuration, the user is likely to be prompted to enter Windows credentials in a pop-up window.
  3. Click the Request a certificate link in the Select a task list.
  4. Click the advanced certificate request link.
  5. Click Create and submit a request to this CA.
  6. In the Advanced Certificate Request form, change the Certificate Template to Smartcard User. Change the CSP to Microsoft Base Smart Card Crypto Provider. Select an appropriate key size (default is 1024). Leave the remaining settings as default and click the Submit button.
  7. After submitting the request, the end user is prompted to enter a PIN (to access the certificate store on the SID800).
  8. The system now generates the request.
  9. The private key is generated and stored in the certificate store of the SID800, and after the request has been processed the end user is prompted to install a certificate. Click the Install this certificate link to complete the certificate enrollment and store the certificate on the SID800. A copy of this certificate is also stored in the userCertificate attribute of the user's properties found in Microsoft Active Directory.
  10. Open the RSA Authentication Client RSA Control Center and click the Certificates link to confirm the presence of the certificate.
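
The same confirmation can be scripted. The following PowerShell is an added example, not part of the RSA article or RSA's software: it lists certificates in the user's Personal store that carry the Smart Card Logon EKU and reports key size, CSP, and whether a copy is published in userCertificate. Assumptions: Windows PowerShell 5.1 on a domain-joined workstation, run as the enrolled user with the SID800 inserted and its certificate visible in Cert:\CurrentUser\My; the 2048-bit threshold is an example policy value.

```powershell
# Added example, not RSA code. Assumes Windows PowerShell 5.1, a domain-joined
# workstation, and the enrolled user logged on with the SID800 inserted.
$ScLogonEku  = '1.3.6.1.4.1.311.20.2.2'                     # Smart Card Logon EKU OID
$ExpectedCsp = 'Microsoft Base Smart Card Crypto Provider'  # CSP selected in step 6
$MinKeyBits  = 2048   # assumed policy value; the form default of 1024 is flagged
$X509    = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$EkuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Thumbprints of the certificates published in the user's userCertificate attribute.
$adThumbs = @()
$entry = ([adsisearcher]"(&(objectCategory=user)(sAMAccountName=$env:USERNAME))").FindOne()
if ($entry -and $entry.Properties.Contains('usercertificate')) {
    $adThumbs = @($entry.Properties['usercertificate'] |
        ForEach-Object { $X509::new([byte[]]$_).Thumbprint })
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    # Keep only certificates whose EKU extension lists Smart Card Logon.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $EkuType }
    $ekus   = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($ekus -notcontains $ScLogonEku) { return }

    # Reading the key container fails if the token is absent, so guard it.
    $csp = $null; $hardware = $false
    try {
        $info     = $cert.PrivateKey.CspKeyContainerInfo
        $csp      = $info.ProviderName
        $hardware = [bool]$info.HardwareDevice
    } catch {
        $csp = "unavailable: $($_.Exception.Message)"
    }

    $bits = $cert.PublicKey.Key.KeySize
    [pscustomobject]@{
        Subject       = $cert.Subject
        UPN           = $cert.GetNameInfo('UpnName', $false)  # UPN from the SAN
        NotAfter      = $cert.NotAfter
        KeyBits       = $bits
        BelowMinKey   = $bits -lt $MinKeyBits
        Provider      = $csp
        CspAsExpected = $csp -eq $ExpectedCsp
        HardwareKey   = $hardware
        PublishedInAD = $adThumbs -contains $cert.Thumbprint
    }
} | Format-List
```

An empty result means no certificate with the Smart Card Logon EKU is present in the user's store; a row with HardwareKey set to False indicates the key was not generated on the token.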


At the Microsoft workstation logon screen, the end user presses Ctrl+Alt+Del to log on and may have to switch user to display the tile for Smart card logon. Clicking the Smart card logon tile prompts the end user to enter the PIN to access the certificate store of the SID800.
 

[Image: example where the end user is prompted to enter a PIN]

Notes

RSA Authentication Client includes RSA Smart Card Middleware. The Middleware provides a Microsoft Minidriver based on the Microsoft Smart Card Minidriver specification and an implementation of the Public-Key Cryptography Standard #11 (PKCS #11) Application Programming Interface (API). Refer to the RSA Authentication Client documentation for more information.
URL is an acronym for Uniform Resource Locator and is a reference (an address) to a resource on the Internet.


Contacting RSA Customer Support
Telephone: For urgent issues use one of the telephone numbers listed at URL http://www.emc.com/support/rsa/contact/phone-numbers.htm
Email: For non-urgent issues email support@rsa.com
Case Management: Case Management is found at URL https://knowledge.rsasecurity.com/scolcms/mysupport.aspx (requires access to RSA SecurCare Online)
