Re: [Pki-users] "Format" button never enabled in Enterprise Security Client
Steve:
Thanks for the query.
When you put in a blank token such as you have probably described, the ESC should pop up
a "Phone Home" Dialog that asks you to type in a URL pointing to the TPS Server
that is part
of Dogtag Certificate System.
If you do not get this Phone Home dialog there is possibly something wrong there.
As for smart card support we only have tested the main cards supported. If there is some
alternate
card being attempted, it MAY work but we can make no assurances there.
thanks,
jack
----- Original Message -----
From: "Steve Ross" <sross(a)trustedcs.com>
To: pki-users(a)redhat.com
Sent: Friday, September 20, 2013 3:20:22 PM
Subject: [Pki-users] "Format" button never enabled in Enterprise
Security Client
I'm a new user of the Dogtag Certificate System...
I am trying to create a certificate and write it to a smart card.
My problem is that my Enterprise Security Client (ESC) does not allow me
to format the smart card. When I insert the blank smart card, the ESC
GUI shows
Issuer = Unknown
Issued To = Unknown
Status = Unformatted
However, the "Format" button is disabled and remains so. Why? Is there
any configuration that I need to do in one of the PKI subsystems or ESC
itself?
When I instead insert a Common Access Card (CAC), the ESC GUI shows
Issuer = U.S Government
Issued To = <name>
Status = Enrolled
and ESC is able to display thethree certificates of the CAC. So, my
hardware/software is working to the extent that it can read another card.
I see the section in the Red Hat Certificate System (RHCS) 8.1
"Deployment, Planning, and Installation" guide that says:
The Certificate System subsystems have been tested using the
following tokens:
Gemalto TOP IM FIPS CY2 64K token, both as a smart card and
GemPCKey USB form factor key
Gemalto Cyberflex e-gate 32K token
Safenet 330J Java smart card
I also see the section of the RHCS "Managing Smart Cards with the
Enterprise Security Client" that says:
The Enterprise Security Client supports smart cards which are
JavaCard 2.1 or higher and Global
Platform 2.01-compliant and was tested using the following cards:
Safenet 330J Java smart cards
Gemalto 64K V2 tokens, both as a smart card and GemPCKey USB
form factor key
Gemalto GCx4 72K and TOPDLGX4 144K common access cards (CAC)
Oberthur ID One V5.2 common access cards (CAC)
Personal identity verification (PIV) cards, compliant with FIPS 201
The smart card that I'm using is none of the above, though it exceeds
the standards that the ESC manual describes.
Following are the details of my smart card, reader, and installed software:
Smart card:
J2A080 - NXP JAVA based smart card, 80k EEPROM
This is supposed to meet the standards JCOP 2.4.1, JC 2.2.2, and GP
2.1.1.
It is a new card and is not supposed to have any applets on it.
Smart card reader:
OmniKey 3121
Operating system:
CentOS 5.9
Software packages installed:
esc-1.1.0-14.el5.centos.1
pki-ca-1.3.6-1.el5
pki-tks-1.3.3-1.el5
pki-tps-1.3.1-1.el5
coolkey-1.1.0-15.el5
tomcat5-5.5.23-0jpp.40.el5_9
httpd-2.2.3-82.el5.centos
Thanks in advance for any help,
-- Steve Ross
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users