Show Table of Contents
Chapter 4. Using Smart Cards for Web and Mail Clients
After a smart card is enrolled, the smart card can be used for SSL client authentication and S/MIME email applications. The PKCS #11 module has different names and is located in different directories depending on the operating system.
Table 4.1. PKCS #11 Module Locations
| Platform | Module Name | Location |
|---|---|---|
| Red Hat Enterprise Linux | onepin-opensc-pkcs11.so | /usr/lib64/ |
4.1. Setting up Browsers to Support SSL for Tokens
To set up the Firefox browser to support SSL for tokens:
- Open the menu and select .If the menu bar is not visible in Firefox, press the Alt key to temporarily display it.
- In the entry, select the tab, and click the button.
- Add the PKCS #11 driver:
- Click the button.
- Enter a module name.
- Click , select the Enterprise Security Client PKCS #11 driver library, and click .
- If the CA is not yet trusted, download and import the CA certificate.
- Open the SSL End Entity page on the CA. For example:
http
s://server.example.com:9444/ca/ee/ca/ - Click the Retrieval tab, and then click Import CA Certificate Chain.
- Click Download the CA certificate chain in binary form and then click .
- Choose a suitable directory to save the certificate chain, and then click .
- Click , and select the Advanced tab.
- Click the button.
- Click , and import the CA certificate.
- Set the certificate trust relationships.
- Click , and select the Advanced tab.
- Click the button.
- Click , and set the trust for websites.
The certificates can be used for SSL.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.