Chapter 4. Using Smart Cards for Web and Mail Clients

After a smart card is enrolled, the smart card can be used for SSL client authentication and S/MIME email applications. The PKCS #11 module has different names and is located in different directories depending on the operating system.

Table 4.1. PKCS #11 Module Locations

Platform                  Module Name              Location
Red Hat Enterprise Linux  onepin-opensc-pkcs11.so  /usr/lib64/

4.1. Setting up Browsers to Support SSL for Tokens

To set up the Firefox browser to support SSL for tokens:
  1. Open the Edit menu and select Preferences.
    If the menu bar is not visible in Firefox, press the Alt key to temporarily display it.
  2. In the Advanced entry, select the Certificates tab, and click the Security Devices button.
  3. Add the PKCS #11 driver:
    1. Click the Load button.
    2. Enter a module name.
    3. Click Browse, select the Enterprise Security Client PKCS #11 driver library, and click OK.
  4. If the CA is not yet trusted, download and import the CA certificate.
    1. Open the SSL End Entity page on the CA. For example:
      https://server.example.com:9444/ca/ee/ca/
    2. Click the Retrieval tab, and then click Import CA Certificate Chain.
    3. Click Download the CA certificate chain in binary form and then click Submit.
    4. Choose a suitable directory to save the certificate chain, and then click OK.
    5. Click Edit > Preferences, and select the Advanced tab.
    6. Click the View Certificates button.
    7. Click Authorities, and import the CA certificate.
  5. Set the certificate trust relationships.
    1. Click Edit > Preferences, and select the Advanced tab.
    2. Click the View Certificates button.
    3. Click Edit, and set the trust for websites.
The certificates can be used for SSL.