Chapter 4. Using Smart Cards for Web and Mail Clients
After a smart card is enrolled, the smart card can be used for SSL client authentication and S/MIME email applications. The PKCS #11 module has different names and is located in different directories depending on the operating system.
Table 4.1. PKCS #11 Module Locations
Platform | Module Name | Location |
---|---|---|
Red Hat Enterprise Linux | onepin-opensc-pkcs11.so | /usr/lib64/ |
4.1. Setting up Browsers to Support SSL for Tokens
To set up the Firefox browser to support SSL for tokens:
- Open the Edit menu and select Preferences.If the menu bar is not visible in Firefox, press the Alt key to temporarily display it.
- In the Advanced entry, select the Certificates tab, and click the Security Devices button.
- Add the PKCS #11 driver:
- Click the Load button.
- Enter a module name.
- Click Browse, select the Enterprise Security Client PKCS #11 driver library, and click OK.
- If the CA is not yet trusted, download and import the CA certificate.
- Open the SSL End Entity page on the CA. For example:
http
s
://server.example.com:9444/ca/ee/ca/
- Click the Retrieval tab, and then click Import CA Certificate Chain.
- Click Download the CA certificate chain in binary form and then click Submit.
- Choose a suitable directory to save the certificate chain, and then click OK.
- Click Edit > Preferences, and select the Advanced tab.
- Click the View Certificates button.
- Click Authorities, and import the CA certificate.
- Set the certificate trust relationships.
- Click Edit > Preferences, and select the Advanced tab.
- Click the View Certificates button.
- Click Edit, and set the trust for websites.
The certificates can be used for SSL.