Chapter 23. Smart-card Authentication in Identity Management

Authentication based on smart cards is an alternative to passwords. User credentials are stored on the smart card, and special software and hardware is used to access them. The user places the smart card into a reader and supplies the PIN code for the smart card.
This chapter describes how an administrator can configure smart card-based authentication in Identity Management and how users can use smart cards to authenticate to Identity Management.

23.1. Exporting a Certificate From a Smart Card

To export the certificate:
  1. Place the smart card into the reader.
  2. Use the following command to list the certificates on the smart card. In the output, locate the certificate to use for authentication, and note its nickname:
    $ certutil -L -d /etc/pki/nssdb/ -h all
    Certificate Nickname         Trust Attributes
                                 SSL,S/MIME,JAR/XPI
    
    my_certificate               CT,C,C
  3. Extract the certificate to a file using the certificate nickname. For example, to extract the certificate in the Base64 format to a file named user.crt:
    $ certutil -L -d /etc/pki/nssdb/ -n 'my_certificate' -r | base64 -w 0 > user.crt
    The base64 utility is part of the coreutils package.