Re: multiple certificates on a smartcard?

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/15/04

• Next message: Fei Chua: "Re: Help Microsoft define the next Windows Certificate Server"
• Previous message: Miha Pihler: "Re: Windows 2003, smartcards and thirdparty CA"
• In reply to: JB Fields: "multiple certificates on a smartcard?"
• Next in thread: PK: "Re: multiple certificates on a smartcard?"
• Reply: PK: "Re: multiple certificates on a smartcard?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 15 Oct 2004 23:46:28 +0200

Hi,

Smart cards can hold as many certificates as there is storage on the card.
The only problem is, the certificate that is used for smart card logon must
be in first slot (first place) on the card. If it is not and e.g. only
"Secure E-mail" certificate is in first slot, logon will fail. Other then
this, you can have smart card logon certificate in first slot, and signing
certificate in second and encrypting on third, authenticating certificate on
fourth, etc...

This is because the authentication process on logon windows can't display
the list of certificates on smart card to chose with which you want to
logon.
Kind of related is also the reason why you can't use certificate on smart
card for EFS (private key used for EFS must be stored on hard drive)...

I heard somewhere that this will change in next version of Windows... (I
guess we will see -- I heard same thing about Windows 2003 some time before
it was released).

Mike

"JB Fields" <jbfields@msn.com> wrote in message
news:uDVwJgrsEHA.2128@TK2MSFTNGP11.phx.gbl...
> Can a smartcard hold more than one certificate? Can the same card be used
> to log on to multiple accounts?
>
> --
> jbfields@msn.com www.jbfields3.com
> "Dogs may have kept us company on the hunt, but it was the cats who
insisted
> we invent houses and discover fire." -- Khiem Tran
>
>

---

• Next message: Fei Chua: "Re: Help Microsoft define the next Windows Certificate Server"
• Previous message: Miha Pihler: "Re: Windows 2003, smartcards and thirdparty CA"
• In reply to: JB Fields: "multiple certificates on a smartcard?"
• Next in thread: PK: "Re: multiple certificates on a smartcard?"
• Reply: PK: "Re: multiple certificates on a smartcard?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Offline Smart Card Logon ... So smart card logon would only work as long the notebooks have a vaild, ... If the CRL has expired, ... > For successful smart card logon, a valid CRL (certificate revocation list) ... (microsoft.public.windows.server.security) LSALogonUser and smart cards.... ... I have the following question concerning smart card logon on windows station. ... we query from a smart card (or any other certificate store). ... (microsoft.public.win32.programmer.networks) Smart Card Certificate Logon and Smart Card Wireless EAP-TLS ... Is there anybody out there succesfully implement Smart Card Certificate ... The Wireless EAP-TLS do not allow 'Smart Card Logon' on the Extended Key ... When Smart Card Logon appears on the Certificate EKU, ... (microsoft.public.platformsdk.security) RE: Problems enabling smart card login on windows 2000 ... Bad Certificate; ... Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon ... | - Installing a Windows 2000 Server as a Domain Controller ... (microsoft.public.win2000.security) Re: Offline Smart Card Logon ... >>> So smart card logon would only work as long the notebooks have a vaild, ... >>> expired CRL in their cache. ... >>>> For successful smart card logon, a valid CRL (certificate revocation ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)