|Applies To||RSA Certificate Manager 6.8|
Microsoft Windows Vista
RSA Smart Card Middleware
RSA SID 800 Authenticator
RSA SecurID 800 Authenticator
Microsoft Internet Explorer 7.0
|Issue||How do you enroll for an RCM Administrator/Vettor certificate using a SID800 with MS Vista?|
Issues with enrolling for an RCM Administrator/Vettor certificate in Vista using SID800.
After clicking submit on the admin enrollment page "<INSTALL-DIR>/WebServer/enroll-server/request-msie-admin.xuda", the page did not change.
Errors in the middleware logs:
2008-12-17 22:06:41.469 1056.1280 [E] HRESULT error encountered: 0x80100030
|Cause||With IE 7 on MS Vista, if a certificate is going to be created on a smart card, Microsoft wants the non-export key flag enabled for the certificate/key.|
To install an RCM Administrator/Vettor certificate onto a SID800 using IE 7 on MS Vista, follow these steps:
1. Install the middleware in Vista
2. Re-sign the Admin CA cert to have basic constraints
   a. Sign from another CA that allows the Basic PKIX-Compliant CA profile:
      i. Ensure that the CA that you sign from allows another subordinate CA: verify the Path Length Constraint of the signing CA first, otherwise Admin cert verification will fail.
      ii. Set the path length constraint to 0 for the new Admin CA cert.
   b. Restart sdir.
   c. Re-sign, using self (Admin CA), and keep existing extensions.
   d. Restart sdir.
3. Trust the System CA so the enrollment website is trusted
4. Add the enrollment website to the Trusted Sites in IE
   a. Allow Unsigned ActiveX and Scripts to run for Trusted Sites: Set to Prompt
5. Update the Admin enrollment xuda file with the new version (RCM 6.8 build 516 or higher)
6. Uncomment the appropriate lines in the new enrollment xuda page
   a. Select 1024
   b. Select Smart Card provider
   c. Select protect private key = yes
   d. Enter SID 800 PIN
   e. Wait for about a minute
8. Approve Cert
9. Visit cert download link
10. Click Install Root CA cert (unless you have already trusted the Admin CA); you need to manually select trusted root CAs as the storage container.
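
The path length check in step 2.a, worked through as an added Python example (not RSA's code and not part of the original article). It applies the RFC 5280 path-length rules to constructed chains, assuming RCM's verification follows those PKIX rules; the `Cert` model and the certificate names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    name: str
    is_ca: bool                      # basicConstraints cA flag
    path_len: Optional[int] = None   # pathLenConstraint; None means absent
    self_issued: bool = False        # subject equals issuer

def path_length_errors(chain: List[Cert]) -> List[str]:
    """Apply RFC 5280 section 6.1.4 steps (k)-(m) to a chain ordered from the
    topmost CA certificate down to the end-entity certificate (last)."""
    errors = []
    max_path = len(chain)            # initial max_path_length is the chain length
    for cert in chain[:-1]:          # every certificate except the last must be a CA
        if not cert.is_ca:
            errors.append(f"{cert.name}: cA flag not set")
        if not cert.self_issued:     # self-issued certs do not consume path length
            if max_path <= 0:
                errors.append(f"{cert.name}: exceeds path length constraint")
            else:
                max_path -= 1
        # A tighter pathLenConstraint on this CA limits everything below it.
        if cert.path_len is not None and cert.path_len < max_path:
            max_path = cert.path_len
    return errors

# Constructed sample certificates (hypothetical names, not from an RCM install).
ADMIN_CA = Cert("Admin CA", is_ca=True, path_len=0)   # step 2.a.ii: path length 0
ADMIN_EE = Cert("Administrator", is_ca=False)         # the enrolled admin cert

def check(signing_ca_path_len: Optional[int]) -> List[str]:
    """Validate Signing CA -> Admin CA -> Administrator for a given
    pathLenConstraint on the signing CA (step 2.a.i)."""
    signer = Cert("Signing CA", is_ca=True, path_len=signing_ca_path_len)
    return path_length_errors([signer, ADMIN_CA, ADMIN_EE])

if __name__ == "__main__":
    for plen in (0, 1, None):
        print(f"signing CA pathLen={plen}:", check(plen) or "OK")
```

A signing CA whose own constraint is 0 cannot have the Admin CA beneath it, which is the verification failure step 2.a.i warns about; a constraint of 1 or no constraint leaves room for it.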
|Solution||How to successfully enroll for a certificate with IE7 on Microsoft Vista|
|Legacy Article ID||a44414|