Re: CA's Key on Smart Card Problem
From: Steve Riley [MSFT] (steriley_at_microsoft.com)
Date: 01/22/05
Date: Fri, 21 Jan 2005 20:39:37 -0800
This really isn't something we test. Specifically, the problem you're seeing
is because the CA runs as LocalSystem. But when you're getting the prompt
to enter the PIN, that's running in your user context.
More importantly, though, remember that the CA needs to access its own private
key every time it issues a certificate, so you'd need to leave the smartcard
in the reader all the time, which pretty much negates the reason for using
a smartcard.
Steve Riley
steriley@microsoft.com
> Hi.
> To improve the security of an offline root CA I want to
> store the CA's private Key on a Smart Card. During the
> installation process of the certificate services I
> selected a Smart Card CSP (Gemplus) and activated the
> checkbox "Allow this CSP to interact with the desktop".
> When the setup process generates the cryptographic key I
> have to enter the PIN of the Smart Card and then I got an
> error message box "An error occurred when setting the
> security access on the private key "Name of the CA", or
> the CSP selected does not support setting security access
> on private keys. Please make sure the CSP is installed
> correctly or select another CSP. Not implemented
> 0x80004001 (-2147467263)". After this the installation of
> the certificate services fails. I've already tested
> this with different Smart Cards and different Computers,
> but always got the same error.
> Can anyone help me with the error, or has anyone already
> installed the CA's Key on a Smart Card, which Smart Card
> and CSP should I use?
> Thanks in advance,
>
> Denis
>