Chapter 4. Using Smart Cards for Web and Mail Clients
After a smart card is enrolled, the smart card can be used for SSL client authentication and S/MIME email applications. The PKCS #11 module has different names and is located in different directories depending on the operating system.
Platform | Module Name | Location |
---|---|---|
Red Hat Enterprise Linux | onepin-opensc-pkcs11.so | /usr/lib64/ |
4.1. Setting up Browsers to Support SSL for Tokens
To set up the Firefox browser to support SSL for tokens:
- Open themenu and select .If the menu bar is not visible in Firefox, press the Alt key to temporarily display it.
- In theentry, select the tab, and click the button.
- Add the PKCS #11 driver:
- Click thebutton.
- Enter a module name.
- Click, select the Enterprise Security Client PKCS #11 driver library, and click .
- If the CA is not yet trusted, download and import the CA certificate.
- Open the SSL End Entity page on the CA. For example:
http
s
://server.example.com:9444/ca/ee/ca/
- Click the Retrieval tab, and then click Import CA Certificate Chain.
- Click Download the CA certificate chain in binary form and then click .
- Choose a suitable directory to save the certificate chain, and then click.
- Click Advanced tab., and select the
- Click thebutton.
- Click, and import the CA certificate.
- Set the certificate trust relationships.
- Click Advanced tab., and select the
- Click thebutton.
- Click, and set the trust for websites.
The certificates can be used for SSL.