Show Table of Contents
Chapter 5. Using Smart Cards with the Enterprise Security Client
When a smart card is enrolled, it means that user-specific keys and certificates are generated and placed on the card. In Red Hat Enterprise Linux, the interface that works between the user and the system which issues certificates is the Enterprise Security Client. The Enterprise Security Client recognizes when a smart card is inserted (or removed) and signals the appropriate subsystem in Red Hat Certificate System. That subsystem then generates the certificate materials and sends them to the Enterprise Security Client, which writes them to the token. That is the enrollment process.
The following sections contain basic instructions on using the Enterprise Security Client for token enrollment, formatting, and password reset operations.
5.1. Supported Smart Cards
The Enterprise Security Client supports smart cards which are JavaCard 2.1 or higher and Global Platform 2.01-compliant and was tested using the following cards:
- Safenet 330J Java smart cards
- Gemalto 64K V2 tokens, both as a smart card and GemPCKey USB form factor key
- Gemalto GCx4 72K and TOPDLGX4 144K common access cards (CAC)
- Oberthur ID One V5.2 common access cards (CAC)
- Personal identity verification (PIV) cards, compliant with FIPS 201
Note
Enterprise Security Client does not provision PIV or CAC cards, but it will read them and display information.
Smart card testing was conducted using two card readers:
- SCM SCR331 CCID
- OMNIKEY 3121
The only card manager applet supported with Enterprise Security Client is the CoolKey applet.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.