SecurID® Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.
Article Number
000031583
Applies To
RSA Product Set: RSA Smart Card Solutions
RSA Product/Service Type : RSA Authentication Client
RSA Version/Condition: 3.6
Platform: Microsoft Windows
RSA Product/Service Type : RSA Authentication Client
RSA Version/Condition: 3.6
Platform: Microsoft Windows
Issue
This article explains how to store a certificate on the RSA SecurID SID800 for smart card logon to a Microsoft Windows environment.
Task
RSA Authentication Client 3.6 software and documentation is available via RSA Link.
Requirements
- Microsoft Domain Controller, Microsoft Active Directory and Microsoft Certificate Authority (with the appropriate certificate templates are configured for certificate [web] enrollment). Refer to Microsoft documentation for the installation and configuration for Microsoft software.
- Microsoft has posted the certificate requirements for smart card logon.
Resolution
This article assumes the customer will have a working Microsoft Domain Controller, Microsoft Active Directory and Microsoft Certificate Authority (with the appropriate certificate templates are configured for certificate [web] enrollment). This knowledge article is only providing an overview of steps for requesting and storing a certificate on the SID800 using RSA Authentication Client 3.6 software on a supported Microsoft Windows workstation.
Image description
Image description
Image description
Image description
Image description
Image description
Steps
- Enter the Microsoft Certificate Authority (CA) URL ( e.g., https://[CA_hostname]/certsrv ) in a web browser.
- Depending on the Microsoft configuration the user is likely to be prompted to enter Windows credentials in a pop-up Window.
- Click the Request a certificate link from the select a task listing.
- Click advanced certificate request.
- Click Create and submit a request to this CA.
- In the Advanced Certificate Request form,
- Change the Certificate Template to Smartcard User.
- Change the CSP to Microsoft Base Smart Card Crypto Provider.
- Select an appropriate key size (default is 1024). Leave the remaining settings as default.
- Click Submit.
Image description- After clicking Submit, the end user will be prompted to enter a PIN to access the certificate store on the SID800.
Image description- Now the system will generate the request:
Image description- The private key is generated and stored in the certificate store of the SID800 and after the request has been processed the end user is prompted to install a certificate. Click the Install this certificate link to complete the certificate enrollment and store the certificate on the SID800. A copy of this certificate is also stored in the userCertificate attribute of the user's properties found in Microsoft Active Directory.
Image description- Open the RSA Authentication Client RSA Control Center and click the Certificates link to confirm the presence of the certificate.
Image description- From a Microsoft workstation logon the end user will press Ctrl+Alt+Del to logon and may have to switch user to display the tile for Smart card logon. Clicking the Smart card logon tile will prompt the end user to enter the PIN to access the certificate store of the SID800. For example, where the end user is prompted to enter a PIN:
Image descriptionNotes
The RSA Authentication Client includes RSA Smart Card middleware. The middleware provides a Microsoft Minidriver based on the Microsoft Smart Card Minidriver specification and an implementation of the Public Key Cryptographic Standard #11 (PKCS #11) Application Programming Interface (API). Refer to the RSA Authentication Client documentation for more information.
In this article
