smartcard , IE

TheMSsForum.com: The Microsoft Software Forum

For windows login I use username/password.
-------------------------
I see the same certificate in IE certificates list the certificate in
the SmartCard.

But IE never try to read the certificate and send to the server when
the Server is asking client
certificate during SSL handshake.

If I have a non smartcard certificate in the personal tab of IE
Certificate list, It is working fine.
IE sending that certificate to Server.

What am I missing to make IE read the certificate from SmartCard and
send to the server?

I am using XP SP2

Regards
Krishna
Top

Re: smartcard , IE by David

David
Mon Aug 28 15:26:48 CDT 2006

From: <krishna.chaganti@gmail.com>

| For windows login I use username/password.
| -------------------------
| I see the same certificate in IE certificates list the certificate in
| the SmartCard.
|
| But IE never try to read the certificate and send to the server when
| the Server is asking client
| certificate during SSL handshake.
|
| If I have a non smartcard certificate in the personal tab of IE
| Certificate list, It is working fine.
| IE sending that certificate to Server.
|
| What am I missing to make IE read the certificate from SmartCard and
| send to the server?
|
| I am using XP SP2
|
| Regards
| Krishna

Domain or workgroup ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Top

Re: smartcard , IE by Brian

Brian
Mon Aug 28 19:01:37 CDT 2006

In article <1156773146.189626.69520@i3g2000cwc.googlegroups.com>,
krishna.chaganti@gmail.com says...
> For windows login I use username/password.
> -------------------------
> I see the same certificate in IE certificates list the certificate in
> the SmartCard.
>
> But IE never try to read the certificate and send to the server when
> the Server is asking client
> certificate during SSL handshake.
>
> If I have a non smartcard certificate in the personal tab of IE
> Certificate list, It is working fine.
> IE sending that certificate to Server.
>
> What am I missing to make IE read the certificate from SmartCard and
> send to the server?
>
> I am using XP SP2
>
> Regards
> Krishna
>
>
The problem is that you have not indicated where the certificate is
located by typing in the PIN to the smart card.
Your scenario will work if you login using the smart card and PIN, as
the login process will then tie the private key to the certificate after
you access the private key with the PIN.

Brian
Top

Re: smartcard , IE by krishna

krishna
Thu Aug 31 07:34:47 CDT 2006

It is domin.
But I login into to domain using regular password. I want to use the
Samrtcard only on IE when a site asks for certificate.
After I insert the card in the card reader i see the certificate in
IE certificate list.
But when I go to the server, it never asks me the PIN for the reader.
If I log into reader using pin by entering the reader application, IE
still never sees the certificate. The certificate is not associated to
the current login user in the domain.
The domain does not support certificate login.


Regards
Krishna
Brian wrote:
> In article <1156773146.189626.69520@i3g2000cwc.googlegroups.com>,
> krishna.chaganti@gmail.com says...
> > For windows login I use username/password.
> > -------------------------
> > I see the same certificate in IE certificates list the certificate in
> > the SmartCard.
> >
> > But IE never try to read the certificate and send to the server when
> > the Server is asking client
> > certificate during SSL handshake.
> >
> > If I have a non smartcard certificate in the personal tab of IE
> > Certificate list, It is working fine.
> > IE sending that certificate to Server.
> >
> > What am I missing to make IE read the certificate from SmartCard and
> > send to the server?
> >
> > I am using XP SP2
> >
> > Regards
> > Krishna
> >
> >
> The problem is that you have not indicated where the certificate is
> located by typing in the PIN to the smart card.
> Your scenario will work if you login using the smart card and PIN, as
> the login process will then tie the private key to the certificate after
> you access the private key with the PIN.
>
> Brian

Top

Re: smartcard , IE by Brian

Brian
Thu Aug 31 09:32:56 CDT 2006

In article <1157027687.199113.194180@m73g2000cwd.googlegroups.com>,
krishna.chaganti@gmail.com says...
> It is domin.
> But I login into to domain using regular password. I want to use the
> Samrtcard only on IE when a site asks for certificate.
> After I insert the card in the card reader i see the certificate in
> IE certificate list.
> But when I go to the server, it never asks me the PIN for the reader.
> If I log into reader using pin by entering the reader application, IE
> still never sees the certificate. The certificate is not associated to
> the current login user in the domain.
>
The problem is that IE has no way of knowing what CSP was used to access
the certificate's private key, since you are not logging on with the
smart card.

You do state that the certificate appears in the user's store, so that
is a good thing. You can use the following command to associate the
certificate with your smart card's CSP:

certutil -f -csp "smart card provider name" -repairstore my
"CertificateSerialNumber"

The Smart Card Provider Name can be found in the Certificate Templates
console, by looking at the names of the CSPs in the certificate
templates console (or by running the certificate request wizard using
the certmgr.msc)

You must match the provider name *exactly* (not case, but spacing,
etc...

You must run this command *every* time that you log on to the network,
so that IE will know what CSP to use to access the certificate. If you
were logging on with the smart card, this would not be necessary.

Brian
Top