Smart Card Authentication Help
Posted: Thu Feb 17, 2011 8:29 pm
I've been given a project at work and I'm struggling with it. I'm seeking advice from the gurus. Normally, Tumbleweed or Crossstreet (?) is used for smart card authentication. The project is to enable smart card authentication using only Microsoft's OCSP in Server 2008.
I'm brand new to configuring a CA and OCSP. Issuing certs is about the level I'm at with the CA. I haven't configured Tumbleweed in the past. I've found a few tidbits here and there, but nothing really helpful. I've asked several people at work and still turned up little help. I've configured and issued the OCSP responder certificate. I've set up a dummy website in IIS with a directory containing CRLs. I configured the AIA and Extensions on the CA server to point to the CRL directory. I have a trusted intermediary cert and added it to the personal store. I added the trusted intermediary and root cert to a GPO and linked it to the user OU. I've imported the root certificates on the CA server.
Where do I go next? The current error is that credentials cannot be verified. I don't see any errors in the logs, other than authentication failed on the client side, and there is nothing on the server side.
Thank you for your help.