Smart Card Authentication Help

HappyIdiot · Post by **HappyIdiot** » Thu Feb 17, 2011 8:29 pm

I've been given a project at work and I'm struggling with it. I'm seeking advice from the gurus. Normally, Tumbleweed or Crossstreet (?) is used for smart card authentication. The project is, enable smart card authentication using only Microsoft's OCSP in Server 2008.

I'm brand new to configuring a CA and OCSP. Issuing certs is about the level I'm at with the CA. I haven't configured Tumbleweed in the past. I've found a few tidbits here and there, but nothing really helpful. I've asked several people at work and still turned up little help. I've configured and issued the OCSP responder certificate. I've set up a dummy website in IIS with a directory containing CRLs. I configured the AIA and Extensions on the CA server to point to the CRL directory. I have a trusted intermediary cert and added it to the personal store. I added the trusted intermediary and root cert to a GPO and linked it to the user OU. I've imported the root certificates on the CA server.

Where do I go next? The current error is, credentials cannot be verified. I don't see any errors in the logs, other than authentication failed on the client side and there is nothing on the server side.

Thank you for your help.

Post by **complacent** » Thu Feb 17, 2011 9:27 pm

a ton of questions...

who is the root certificate authority? is this machine on a "particular" domain? are these smart cards contain certificates also on a "particular" domain or from a "particular" RA?

if so, every machine (dc) performing authentication will need a cert of their own to authenticate.

we can take this to pm's or email if you need. you should be able to find me on your gal.

Post by **Sabre** » Thu Feb 17, 2011 9:38 pm

chicken n waffles · Post by **chicken n waffles** » Fri Feb 18, 2011 7:46 am

complacent wrote:you should be able to find me on your gal.

this is a really great sentence when taken out of context.

missvenezuela85 · Post by **missvenezuela85** » Fri Feb 18, 2011 9:28 am

I hope you guys can help him... i tried to give him the best IT support I could... "Adam, why don't you post this on DCAWD" end support.

Post by **complacent** » Fri Feb 18, 2011 10:11 am

chicken n waffles wrote:
complacent wrote:you should be able to find me on your gal.
this is a really great sentence when taken out of context.

oops, lol!

HappyIdiot · Post by **HappyIdiot** » Fri Feb 18, 2011 11:50 am

, thx for the help and

's . I'll shoot you a message.

DCAWD.com

Smart Card Authentication Help

Smart Card Authentication Help

Re: Smart Card Authentication Help

Re: Smart Card Authentication Help

Re: Smart Card Authentication Help

Re: Smart Card Authentication Help

Re: Smart Card Authentication Help

Re: Smart Card Authentication Help