SecurID^® Discussions

MoritzSchneider · ‎2019-08-05

I am trying to store a certificate for smart card logon on an RSA SecurID SID800. To do so, I am this documentation. https://rsa.jiveon.com/docs/DOC-45527

When it comes to the PIN prompt, it does not accept the PIN and says "Your smart card is locked".

The same error message appears when I try the PIN in the RSA Control Center --> Test PIN.

Now I would like to "Unblock your PIN". For this, I follow this document: Obtain the PIN Unlocking Key for an RSA SecurID 800 Authenticator. In my RSA Security Console, I do not have a section to option the PIN.

https://community.rsa.com/docs/DOC-77508

WHERE can I find/get the PUK of the dongles/ smart cards?

Thank you.

EdwardDavis · ‎2019-08-05

When you purchase SID800's and download the token seed records to be decrypted, the decryption process produces three files.

[example from my lab batch]

The token seed in XML format,

a text file with the batch password used to import the XML seed,

and finally a PUK file which is imported on the command line of the RSA Authentication Manager primary,

and this will allow you to manage the SID800 and generate PIN UNLOCK codes.

If you do not import the PUK file, the ability to generate Unblock PINS will not appear on the Security Console for those tokens.

Procedure

Log On to the Appliance Operating System with SSH.
Change directories to /opt/rsa/am/utils. Type:
cd /opt/rsa/am/utils/
and press ENTER.
Run import-puk to import the PIN unlocking keys. Type:
./rsautil import-puk -f filename
where filename is the path to the PUK.xml file, for example: -f /opt/rsa/am/PUK.xml
When prompted, enter your administrator User ID, and press ENTER.
When prompted, enter your password, and press ENTER.
When the import process is complete, the following message displays:
Status: IMPORTED <number> PIN UNLOCK KEY (PUK) RECORDS SUCCESSFULLY.
Close the SSH client. Type:
exit

Also note, the initial pin used to access the SID800 smartcard storage area is factory set to these 8 characters: PIN_CODE

View solution in original post

EdwardDavis · ‎2019-08-05

When you purchase SID800's and download the token seed records to be decrypted, the decryption process produces three files.

[example from my lab batch]

The token seed in XML format,

a text file with the batch password used to import the XML seed,

and finally a PUK file which is imported on the command line of the RSA Authentication Manager primary,

and this will allow you to manage the SID800 and generate PIN UNLOCK codes.

If you do not import the PUK file, the ability to generate Unblock PINS will not appear on the Security Console for those tokens.

Procedure

Log On to the Appliance Operating System with SSH.
Change directories to /opt/rsa/am/utils. Type:
cd /opt/rsa/am/utils/
and press ENTER.
Run import-puk to import the PIN unlocking keys. Type:
./rsautil import-puk -f filename
where filename is the path to the PUK.xml file, for example: -f /opt/rsa/am/PUK.xml
When prompted, enter your administrator User ID, and press ENTER.
When prompted, enter your password, and press ENTER.
When the import process is complete, the following message displays:
Status: IMPORTED <number> PIN UNLOCK KEY (PUK) RECORDS SUCCESSFULLY.
Close the SSH client. Type:
exit

Also note, the initial pin used to access the SID800 smartcard storage area is factory set to these 8 characters: PIN_CODE

SecurID^® Discussions

PIN Unlock Key

Authenticators

SecurID® Discussions

PIN Unlock Key

Authenticators

SecurID^® Discussions