Chapter 23. Smart-card Authentication in Identity Management
Authentication based on smart cards is an alternative to passwords. User credentials are stored on the smart card, and special software and hardware is used to access them. The user places the smart card into a reader and supplies the PIN code for the smart card.
This chapter describes how an administrator can configure smart card-based authentication in Identity Management and how users can use smart cards to authenticate to Identity Management.
23.1. Exporting a Certificate From a Smart Card
To export the certificate:
- Place the smart card into the reader.
- Use the following command to list the certificates on the smart card. In the output, locate the certificate to use for authentication, and note its nickname:
$ certutil -L -d /etc/pki/nssdb/ -h all Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI my_certificate CT,C,C
- Extract the certificate to a file using the certificate nickname. For example, to extract the certificate in the Base64 format to a file named
$ certutil -L -d /etc/pki/nssdb/ -n 'my_certificate' -r | base64 -w 0 > user.crtThe
base64utility is part of the coreutils package.