Posted by DLN on October 1, 2007, 12:02 pm
Is it possible to deploy a smartcard solution without having to also deploy
some sort of third-party middleware? Based on what I understand from the MS
provided whitepapers on the topic, once I have deployed MS Certificate
Services and designated an enrollment workstation (assumes an attached
reader/writer), I should be able to simply insert a blank card and write an
X.509 certificate to it. The third-party solutions I have been testing came
with both a smartcard and OTP token. To determine whether or not I could
deploy a smartcard-only solution without having to deploy any third-party
middleware, I've been attempting to write a certificate from our domain's
Microsoft Certificate Server-based PKI, via the standard Microsoft web
enrollment interfaces. Unfortunately the web enrollment page never
recognizes the smartcard I'm trying to write to. I've read that this may be
due to the card already being in an initialized state, but having no prior
experience with smartcards, I don't know if this is indeed the case. It
does make me wonder if I actually do need some sort of third-party
middleware (on the enrollment workstations at least) to load the cards with
a certificate. I'm reluctant to purchase blank cards if I'm actually
missing some other software that I'll end up having to deploy at a later
date. Does anybody have any recommendations on a base set of readers and
cards that can be deployed right out of the box without requiring
middleware? The third-party solutions do provide a number of additional
security features that seem very sophisticated, but I don't think I'll ever
really need to use them. What sort of technical challenges/issues can I
expect if I go out, purchase some smartcard reader/writers, blank cards, and
then try to get smartcard authentication to function?
Thanks.