Red Hat CERTIFICATE SYSTEM 8.0 - MANAGING SMART CARDS WITH THE ENTERPRISE SECURITY CLIENT... User manual
Red Hat Certificate
System 8.0
Managing Smart Cards
with the Enterprise
Security Client
Ella Deon Lackey
Publication date: July 22, 2009, updated on January 23, 2010
Managing Smart Cards with the Enterprise Security Client
Red Hat Certificate System 8.0 Managing Smart Cards with the
Enterprise Security Client
Author Ella Deon Lackey
Copyright © 2009 Red Hat, Inc.
Copyright © 2009 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available
at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity
Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709 USA
This guide is for regular users of Certificate System subsystems. It explains how to manage personal
certificates and keys using the Enterprise Security Client, a simple interface which formats and
manages smart cards.
iii
About This Guide v
1. What Is in This Guide ..................................................................................................... v
2. Additional Reading .......................................................................................................... v
3. Examples and Formatting ............................................................................................... vi
3.1. Formatting for Examples and Commands .............................................................. vi
3.2. Tool Locations ..................................................................................................... vi
3.3. Guide Formatting ................................................................................................. vi
4. Giving Feedback ............................................................................................................ vii
5. Document History ......................................................................................................... viii
1. Introduction to the Enterprise Security Client 1
1.1. Red Hat Enterprise Linux, Single Sign-On, and Authentication ........................................ 1
1.2. Red Hat Certificate System and the Enterprise Security Client ........................................ 2
1.3. The Enterprise Security Client and the Windows Cryptographic Service Provider .............. 3
2. Installing the Enterprise Security Client 5
2.1. Supported Platforms for the Client ................................................................................ 5
2.2. Supported Smart Cards ................................................................................................ 5
2.3. Installing and Uninstalling the Enterprise Security Client on Red Hat Enterprise Linux ........ 5
2.3.1. Installing the Client ............................................................................................ 5
2.3.2. Uninstalling on Red Hat Enterprise Linux ............................................................ 6
2.4. Installing and Uninstalling on Windows .......................................................................... 7
2.4.1. Installing the Client ............................................................................................ 7
2.4.2. Uninstalling the Client ...................................................................................... 14
3. Using the Enterprise Security Client 15
3.1. Tray Icons for the Enterprise Security Client ................................................................ 15
3.2. Launching Enterprise Security Client ........................................................................... 15
3.2.1. Opening the Enterprise Security Client on Red Hat Enterprise Linux .................... 15
3.2.2. Opening the Enterprise Security Client on Microsoft Windows ............................. 16
3.3. Configuring Phone Home ............................................................................................ 16
3.3.1. About Phone Home Profiles ............................................................................. 17
3.3.2. Setting Global Phone Home Information ............................................................ 17
3.3.3. Adding Phone Home Information to a Token Manually ........................................ 18
3.3.4. Configuring the TPS to Use Phone Home ......................................................... 19
3.4. Setting up Users to Be Enrolled .................................................................................. 20
3.5. Enrolling a Smart Card Automatically .......................................................................... 20
3.6. Managing Smart Cards ............................................................................................... 24
3.6.1. Formatting the Smart Card ............................................................................... 25
3.6.2. Resetting a Smart Card Password .................................................................... 26
3.6.3. Viewing Certificates ......................................................................................... 26
3.6.4. Importing CA Certificates ................................................................................. 28
3.6.5. Adding Exceptions for Servers ......................................................................... 30
3.6.6. Enrolling Smart Cards ...................................................................................... 32
3.6.7. Re-Enrolling Tokens ......................................................................................... 33
3.7. Diagnosing Problems .................................................................................................. 33
3.7.1. Errors .............................................................................................................. 35
3.7.2. Events ............................................................................................................. 37
3.7.3. Information about the Smart Card ..................................................................... 37
4. Using Security Officer Mode 39
4.1. Enabling Security Officer Mode ................................................................................... 39
4.2. Enrolling a New Security Officer .................................................................................. 42
Managing Smart Cards with the Enterprise Security Client
iv
4.3. Using Security Officers to Manage Users ..................................................................... 44
4.3.1. Enrolling a New User ....................................................................................... 44
4.3.2. Performing Other Security Officer Tasks ............................................................ 47
4.3.3. Formatting an Existing Security Officer Smart Card ............................................ 48
5. Using Keys on Smart Cards for Web and Mail Clients 51
5.1. Setting up Browsers to Support SSL for Tokens ........................................................... 51
5.2. Using the Certificates on Tokens for Mail Clients .......................................................... 53
6. Configuring the Enterprise Security Client 55
6.1. Overview of Enterprise Security Client Configuration .................................................... 55
6.1.1. About the Preferences Configuration Files ......................................................... 55
6.1.2. About the XUL and JavaScript Files in the Enterprise Security Client ................... 59
6.1.3. Enterprise Security Client File Locations ........................................................... 60
6.2. Configuring SSL Connections with the TPS ................................................................. 61
6.3. Using Shared Security Databases ............................................................................... 62
6.4. Customizing the Smart Card Enrollment User Interface ................................................. 63
6.5. Disabling LDAP Authentication for Token Operations .................................................... 66
v
About This Guide
The Enterprise Security Client is a simple user interface which formats and manages smart cards.
This guide is intended for everyday users of Certificate System, who will use the Enterprise Security
Client to manage their smart cards. Certificate System agents should read the Certificate System
Agent's Guide for information on how to perform agent tasks, such as handling certificate requests and
revoking certificates.
Before reading this guide, be familiar with the following concepts:
• Public-key cryptography and the Secure Sockets Layer (SSL) protocol
• Intranet, extranet, and Internet security and the role of digital certificates in a secure enterprise
• LDAP and Red Hat Directory Server
1. What Is in This Guide
This guide contains the following chapters:
•Chapter 1, Introduction to the Enterprise Security Client provides an introduction to the Certificate
System.
•Section 2.1, “Supported Platforms for the Client” provides information about supported platforms for
the Enterprise Security Client.
•Chapter 2, Installing the Enterprise Security Client provides information on how to install and
uninstall the Enterprise Security Client on the supported platforms.
•Chapter 3, Using the Enterprise Security Client provides instructions on using the Enterprise
Security Client for token enrollment, formatting, and password reset operations.
•Chapter 5, Using Keys on Smart Cards for Web and Mail Clients describes how to use the
Enterprise Security Client keys for SSL and S/MIME authentication.
•Chapter 6, Configuring the Enterprise Security Client provides information on configuring the
Enterprise Security Client.
2. Additional Reading
This paper covers information on managing smart cards in Certificate System, as well as the
functionality for the Enterprise Security Client, which handles smart cards.
Some very basic information on using other end user web services for the Certificate System CA and
RA systems is covered in the Using End User Services1. For basic certificate management, that's
all many user need to know. Managing Smart Cards with the Enterprise Security Client and the End
User's Guide, together, are both for end users of Red Hat Certificate System.
For more information on the basic concepts of certificates, public key infrastructure, and Certificate
System itself, see the Certificate System Deployment Guide2.
1 http://www.redhat.com/docs/manuals/cert-system/8.0/ee/html/
2 http://www.redhat.com/docs/manuals/cert-system/8.0/deploy/html/
About This Guide
vi
More detailed information about the concepts behind public key cryptography, as well as a more
detailed overview of the Certificate System subsystems and how Certificate System manages
certificates and smart cards, is available in the Certificate System Administrator's Guide3. This is also
the guide for administrators to manage the Certificate System server. Installation is covered in the
Certificate System Installation Guide4.
The Certificate System Agent's Guide5 covers how agents can approve and reject certificate requests
and manage user certificates through other Certificate System subsystems, such as the Online
Certificate Status Responder (which checks the revocation status) and the Data Recovery Manager
(which recovers the certificate information if a token or a certificate is lost).
The latest information about Red Hat Certificate System, including current release notes and other
updates, is always available at the Certificate System documentation page, http://www.redhat.com/
docs/manuals/cert-system/.
3. Examples and Formatting
3.1. Formatting for Examples and Commands
All of the examples for Red Hat Certificate System commands, file locations, and other usage are
given for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands
and files for your platform.
To start the Red Hat Certificate System:
service pki-ca start
Example 1. Example Command
3.2. Tool Locations
All of the tools for Red Hat Certificate System are located in the /usr/bin directory. These tools can
be run from any location without specifying the tool location.
3.3. Guide Formatting
Certain words are represented in different fonts, styles, and weights. Different character formatting is
used to indicate the function or purpose of the phrase being highlighted.
Formatting Style Purpose
Monospace font Monospace is used for commands, package names, files and
directory paths, and any text displayed in a prompt.
Monospace
with a
background
This type of formatting is used for anything entered or returned
in a command prompt.
3 http://www.redhat.com/docs/manuals/cert-system/8.0/admin/html/
4 http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/
5 http://www.redhat.com/docs/manuals/cert-system/8.0/agent/html/
Giving Feedback
vii
Formatting Style Purpose
Italicized text Any text which is italicized is a variable, such as
instance_name or hostname. Occasionally, this is also used to
emphasize a new term or other phrase.
Bolded text Most phrases which are in bold are application names, such as
Cygwin, or are fields or options in a user interface, such as a
User Name Here: field or Save button.
Other formatting styles draw attention to important text.
NOTE
A note provides additional information that can help illustrate the behavior of the system or
provide more detail for a specific issue.
IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration
change that will not persist after a reboot.
WARNING
A warning indicates potential data loss, as may happen when tuning hardware for
maximum performance.
4. Giving Feedback
If there is any error in this Enterprise Security Client Guide or there is any way to improve the
documentation, please let us know. Bugs can be filed against the documentation for Red Hat
Certificate System through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as
specific as possible, so we can be more effective in correcting any issues:
• Select the Red Hat Certificate System product.
• Set the component to Doc - enterprise-security-guide.
• Set the version number to 8.0.
• For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct
description of the problem, such as incorrect procedure or typo.
For enhancements, put in what information needs to be added and why.
• Give a clear title for the bug. For example, "Incorrect command example for setup
script options" is better than "Bad example".
We appreciate receiving any feedback — requests for new sections, corrections, improvements,
enhancements, even new ways of delivering the documentation or new styles of docs. You are
welcome to contact Red Hat Content Services directly at [email protected].
About This Guide
viii
5. Document History
Correcting Windows Enterprise Security Client process for proper 64-bit Windows packages, per
Errata RHBA-2009:1687.
Updating platform support to include 64-bit Windows platforms, per Errata RHBA-2009:1687.
Adding note on escaping characters in passwords for LDAP auth, per Bugzilla #523568.
Adding new configuration parameter and section on configuring shared terminals, per Errata
RHBA-2009:1687.
Adding note on new error message if connection to TPS format screen times out, per Errata
RHBA-2009:1665.
Rearranging introduction and adding information on single sign-on.
Fixing directory path to esc-prefs.js file, per Bugzilla #459511.
Changing screenshot in Windows installation, per Bugzilla #518314.
Correcting missed or updated edits for Bugzilla #459511 and #510569.
Tech reviews for each chapter, per Bugzilla #510564, #510566, #510567, #510569, #510571, and
#510572.
Edits to the parameters listed for the esc-pref.js file, per Bugzilla #459511.
Initial draft for Certificate System 8.0 Enterprise Security Client Guide.
Chapter 1.
1
Introduction to the Enterprise Security
Client
The Enterprise Security Client is a tool for Red Hat Certificate System which simplifies managing
smart cards. End users can use security tokens (smart cards) to store user certificates used for
applications such as single sign-on access and client authentication. End users are issued the tokens
containing certificates and keys required for signing, encryption, and other cryptographic functions.
The Enterprise Security Client is the third part of Certificate System's complete token management
system. Two subsystems — the Token Key Service (TKS) and Token Processing System (TPS) — are
used to process token-related operations. The Enterprise Security Client is the interface which allows
the smart card and user to access the token management system.
After a token is enrolled, applications such as Mozilla Firefox and Thunderbird can be configured to
recognize the token and use it for security operations, like client authentication and S/MIME mail.
Enterprise Security Client provides the following capabilities:
• Supports Global Platform-compliant smart cards like Gemalto 64K V2 and Safenet 300J Java smart
cards.
• Enrolls security tokens so they are recognized by TPS.
• Maintains the security token, such as re-enrolling a token with TPS.
• Provides information about the current status of the token or tokens being managed.
• Supports server-side key generation through the TPS and DRM subsystems so that keys can be
archived and recovered on a separate token if a token is lost.
1.1. Red Hat Enterprise Linux, Single Sign-On, and
Authentication
Network users frequently have to submit multiple passwords for the various services they use, such as
email, web browsing and intranets, and servers on the network. Maintaining multiple passwords, and
constantly being prompted to enter then, is a hassle for users and administrators. Single sign-on is a
configuration which allows administrators to create a single password store so that users can log in
once, using a single password, and be authenticated against all network resources.
Red Hat Enterprise Linux 5.3 supports single sign-on for several resources, including logging into
workstation and unlocking screensavers, accessing encrypted web pages using Mozilla Firefox, and
sending encrypted email using Mozilla Thunderbird.
Single sign-on is both a convenience to users and another layer of security for the server and the
network. Single sign-on hinges on secure and effective authentication, and the Enterprise Security
Client ties into the public-key infrastructure implemented by Red Hat Certificate System.
One of the cornerstones of establishing a secure network environment is making sure that access is
restricted to people who have the right to access the network. This access is allowed then the user
can authenticate to the system, meaning the user can verify his identity. One method of verifying an
identity is presenting a certificate. A certificate is an electronic document which identifies the entity
which presents it.
Chapter 1. Introduction to the Enterprise Security Client
2
These certificates can be stored on a smart card. When a user inserts a smart card, the smart card
presents the certificates to the system and identifies the user so the user can be authenticated.
One of the two authentication methods for Red Hat Enterprise Linux's single sign-on is smart card
authentication. (The other is Kerberos-based authentication.)
Single sign-on on Red Hat Enterprise Linux using smart cards goes through three steps:
1. A user inserts his smart card into the card reader. This is detected by both the PAM module on
Red Hat Enterprise Linux.
2. The system maps the certificate to the user entry and then compares the presented certificates on
the smart card to the certificates stored in the user entry.
3. If the certificate is successfully validated against the KDC, then the user is allowed to log in.
The Enterprise Security Client manages the smart cards, which is part of administering single sign-on.
1.2. Red Hat Certificate System and the Enterprise Security
Client
Red Hat Certificate System creates, manages, renews, and revokes certificates and keys. For
managing smart cards, the Certificate System has a token management system to generate keys,
create certificate requests, and receive certificates to be used for smart cards.
Two subsystems — the Token Key Service (TKS) and Token Processing System (TPS) — are used
to process token-related operations. The Enterprise Security Client is the interface which allows the
smart card and user to access the token management system.
Figure 1.1. How Certificate System Manages Smart Cards
The Enterprise Security Client and the Windows Cryptographic Service Provider
3
A total of four Certificate System subsystems are involved with managing tokens, two for managing
the tokens (TKS and TPS) and two for managing the keys and certificates within the public-key
infrastructure (CA and DRM).
• The Token Processing System (TPS) interacts with smart cards to help them generate and store
keys and certificates for a specific entity, such as a user or device. Smart card operations go
through the TPS and are forwarded to the appropriate subsystem for action, such as the Certificate
Authority to generate certificates or the Data Recovery Manager to archive and recover keys.
• The Token Key Service (TKS) generates, or derives, symmetric keys used for communication
between the TPS and smart card. Each set of keys generated by the TKS is unique because they
are based on the card's unique ID. The keys are formatted on the smart card and are used to
encrypt communications, or provide authentication, between the smart card and TPS.
• The Certificate Authority (CA) creates and revokes user certificates stored on the smart card.
• Optionally, the Data Recovery Manager (DRM) archives and recovers keys for the smart card.
The Enterprise Security Client is the conduit through which TPS communicates with each token over a
secure HTTP channel (HTTPS), and, through the TPS, with the Certificate System.
To use the tokens, the Token Processing System must be able to recognize and communicate with
them. The tokens must first be enrolled to populate the tokens with required keys and certificates and
add the tokens to the Certificate System. The Enterprise Security Client provides the user interface for
end entities to enroll tokens.
1.3. The Enterprise Security Client and the Windows
Cryptographic Service Provider
The Microsoft Windows version of the Enterprise Security Client installs a Windows Cryptographic
Service Provider (CSP) that is compatible with the Certificate System-supported smart cards.
Microsoft Windows supports a software library designed to implement the Microsoft Cryptographic
Application Programming Interface (CAPI or CryptoAPI). CAPI allows Windows-based applications,
such as the Microsoft Outlook or Internet Explorer, to be developed to perform secure, cryptographic
operations. This API provides a layer between these crypto-enabled applications and the details of the
cryptographic services provided by the API.
The CAPI interface can be used to create custom CSP libraries. Custom CSP libraries in Certificate
System support using smart cards on Windows (enrolled through the Enterprise Security Client)
to perform the cryptographic functions requested by Windows applications which access the CAPI
interface.
The CAPI store is a repository controlled by Windows, and which houses a collection of digital
certificates associated with a given CSP. CAPI oversees the certificates, while each CSP controls the
cryptographic keys belonging to the certificates.
The Certificate System CSP is designed to provide cryptographic functions on behalf of Windows
using our supported smart cards. The Windows CSP performs its requested cryptographic functionality
by calling the CoolKey PKCS #11 module.
The Certificate System CSP, which has been signed by Microsoft, enables users to be able to perform
common tasks securely:
Chapter 1. Introduction to the Enterprise Security Client
4
• Send and receive encrypted and signed emails with Microsoft Outlook.
• Visit SSL-protected websites with Microsoft Internet Explorer.
• Access certain VPN clients using the smart card, which provides secure access to protected
networks.
• Log into a Windows server or domain using the smart card, as long as the infrastructure required for
smart card login has been properly set up.
The required CSP libraries are automatically installed with the Enterprise Security Client. There are
several common situations when a Windows user interacts directly with the CSP.
• When a smart card is enrolled with the Enterprise Security Client, the newly created certificates are
automatically inserted into the user's CAPI store.
• When a smart card is formatted, the certificates associated with that card are removed from the
CAPI store.
• When a user inserts a properly enrolled card, the certificates on that card are automatically written
to the CAPI store. The certificates are then removed when the card is removed from the computer.
• When using applications such as Microsoft Outlook or Microsoft Internet Explorer, the user may
be prompted to enter the smart card's password. This is required when the smart card is asked to
perform protected cryptographic operations such as creating digital signatures.
Chapter 2.
5
Installing the Enterprise Security Client
The Enterprise Security Client is packaged as a set of installation executables or RPMs and other files
that are part of the complete Red Hat Certificate System distribution. These are listed in the installation
chapter of the Certificate System Administrator's Guide.
2.1. Supported Platforms for the Client
The Enterprise Security Client interface is supported on the following platforms:
• Red Hat Enterprise Linux 5.3 (x86)
• Red Hat Enterprise Linux 5.3 (x86_64)
• Microsoft Windows Vista 32-bit
• Microsoft Windows Vista 64-bit
• Microsoft Windows XP 32-bit
• Microsoft Windows XP 64-bit
2.2. Supported Smart Cards
Enterprise Security Client supports smart cards which are JavaCard 2.1 or higher and Global Platform
2.01-compliant. Certificate System was tested using the following cards:
• Safenet 330J Java smart cards
• Gemalto 64K V2 tokens, both as a smart card and GemPCKey USB form factor key
Smart card testing was conducted using the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet, one of the
packages included and installed with Red Hat Certificate System 8.0.
2.3. Installing and Uninstalling the Enterprise Security
Client on Red Hat Enterprise Linux
2.3.1. Installing the Client
The first step in installing the Enterprise Security Client is to download the required packages. The
Certificate System Administrator's Guide explains how to retrieve these RPMs and other files through
the Red Hat Certificate System 8.0 (AS v.4 for x86) or Red Hat Certificate System 8.0 (ES v.4 for
x86) Red Hat Network channels. There are two ways to obtain the packages:
• Downloading an ISO image or packages through the Red Hat Network channel
• Using the Red Hat yum utility
The preferred method of obtaining RPMs is using the yum command-line utility, as follows:
Chapter 2. Installing the Enterprise Security Client
6
# yum install esc
If the yum command completes successfully, all of the necessary Enterprise Security Client RPMs will
be installed and ready for use.
NOTE
If the yum utility was used to install the Enterprise Security Client, there is no need for
further installation; the client has already been installed. The following procedure is for
installing from a CD image.
1. As root, install the Enterprise Security Client packages. On Red Hat Enterprise Linux 5 (32-bit),
these packages are already installed, and can be updated using yum. For example:
yum install esc coolkey
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package esc.x86_64 0:1.1.0-9.el5 set to be updated
---> Package coolkey.x86_64 0:1.1.0-9.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
esc x86_64 1.1.0-9.el5 base 522 k
Installing for dependencies:
coolkey x86_64 1.1.0-9.el5 base 90 k
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 612 k
Is this ok [y/N]: y
The Enterprise Security Client is located in /usr/lib/esc-1.1.0 on Red Hat Enterprise Linux 32-
bit systems and /usr/lib64/esc-1.1.0 on Red Hat Enterprise Linux 64-bit system. The esc shell
script is installed in /usr/bin/esc. The Enterprise Security Client can be launched by typing esc at
a command prompt.
The Enterprise Security Client for Linux implements a daemon (escd) which runs silently, waiting for
a smart card to be inserted. When an unenrolled smart card is inserted, the daemon automatically
launches the client UI, and the Enterprise Security Client guides the user through the enrollment
process. The client can also be launched manually by selecting System Settings, then Smart Card
Manager, from the System menu.
2.3.2. Uninstalling on Red Hat Enterprise Linux
1. Unplug all USB tokens.
Installing and Uninstalling on Windows
7
2. Stop the Enterprise Security Client.
3. Log in as root, and use rpm -ev to remove the Enterprise Security Client RPMs in the following
order:
NOTE
Update the version numbers of the RPM files to match your version.
# rpm -ev coolkey
# rpm -ev esc
4. Remove any remaining files in the installation directory.
2.4. Installing and Uninstalling on Windows
2.4.1. Installing the Client
The Windows Enterprise Security Client packages are available in the Downloads area of Red Hat
Network.
For both 32-bit and 64-bit Windows systems, the Windows Enterprise Security Client package
is available in the 32-bit channel. This package is SmartCardManagerSetup-1.0.1-
X.win32.i386.exe.
For 64-bit systems, there is an additional package which must be installed, CoolKeySetup-
version.win64.x64.exe, to use the Enterprise Security Client to manage certificates for email and
browser clients.
To install the Enterprise Security Client on Windows:
NOTE
You may need administrator privileges to install the Enterprise Security Client on the
Windows system.
1. In the Red Hat Network page for Certificate System, select the 32-bit or 64-bit channel.
2. Click the Downloads tab in the channel.
3. Download the Enterprise Security Client installer and (for 64-bit systems) CoolKey libraries.
Chapter 2. Installing the Enterprise Security Client
8
4. Next, double-click the SmartCardManagerSetup-1.0.1-X.win32.i386.exe file to launch
the Enterprise Security Client installation program.
5. Click Next to being going through the installer, and then accept the license agreement.
6. The wizard displays the list of packages that will be installed.
Installing the Client
9
7. The wizard prompts for the installation directory for the Enterprise Security Client. The default
directory is C:\Program Files\Red Hat\ESC.
Chapter 2. Installing the Enterprise Security Client
10
8. The wizard prompts for the Start Menu directory for the Enterprise Security Client. The default
directory is Red Hat.
Installing the Client
11
9. Proceed through the Enterprise Security Client installation wizard. Click Install to begin installing
the Enterprise Security Client components.
NOTE
The installation process also installs the CoolKey PKCS #11 driver needed for
Certificate System-supported keys and automatically installs the Certificate System
PKCS #11 module in any Mozilla browsers it can locate. The installer places the
Certificate System Cryptographic Service Provider (CSP) on the user's system to
allow users to use their smart cards with Microsoft products such as Outlook and
Internet Explorer.
Chapter 2. Installing the Enterprise Security Client
12
10. When the installation has completed, the Enterprise Security Client will prompt the user to insert a
token, and can then be launched for immediate use.
This manual suits for next models
2
Table of contents
Other Red Hat Software manuals
Red Hat
Red Hat NETWORK BASIC - USER REFERENCE GUIDE 3.3 Product information sheet
Red Hat
Red Hat CERTIFICATE 7.2 RELEASE NOTES Instruction Manual
Red Hat
Red Hat SYSTEM 8.0 - MIGRATION GUIDE 7.X TO 8.0 User manual
Red Hat
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE User manual
Red Hat
Red Hat ENTERPRISE LINUX 5.5 - S 2010 User manual
Red Hat
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Instruction Manual
Red Hat
Red Hat NETWORK SATELLITE 5.0.0 - User manual
Red Hat
Red Hat ENTERPRISE LINUX 4 - USING BINUTILS Manual
Red Hat
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual
Red Hat
Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION User manual
Red Hat
Red Hat ENTERPRISE VIRTUALIZATION FOR DESKTOPS User manual
Red Hat
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE User manual
Red Hat
Red Hat NETWORK 3.1 - PROVISIONING User manual
Red Hat
Red Hat GFS 6.0 - INSTALLING AND CONFIGURING ORACLE9I... User manual
Red Hat
Red Hat GNBD WITH GLOBAL FILE SYSTEM 4.7 Instruction Manual
Red Hat
Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE Instruction Manual
Red Hat
Red Hat ENTERPRISE LINUX 4.5.0 - User manual
Red Hat
Red Hat NETWORK PROXY 5.3.0 - User manual
Red Hat
Red Hat NETWORK 4.0 - User manual
Red Hat
Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION... User manual
Popular Software manuals by other brands
AMIGOPOD
AMIGOPOD PowerConnect W Clearpass 100 Software manual
Brocade Communications Systems
Brocade Communications Systems PowerConnect B-RX release note
UNIBLUE
UNIBLUE SPEEDUPMYPC 2010 - V1 product manual
Baracoda
Baracoda KEmul RS232 user guide
HP
HP Pro 3130 MT user guide
Intashield
Intashield IS-200 How to use
Extreme Networks
Extreme Networks ExtremeWare 7.2e Installation and user guide
Dell
Dell PowerConnect W-Airwave quick start guide
McAfee
McAfee AVDCDE-AA-AA - Active Virus Defense Suite user guide
ADTRAN
ADTRAN Q-110 manual
Minolta
Minolta DiMAGE Viewer instruction manual
Epson
Epson WorkForce 600 Series user guide
ScanSoft
ScanSoft WORKING WITH PAPERPORT 7 AND PAPERPORT DELUXE 7 FOR... manual
Novell
Novell OPENOFFICE 2.X Setup guide
Acroprint
Acroprint ATR20/20 quick start
Adobe
Adobe 65030089 - Robohelp - PC Using
Grandstream Networks
Grandstream Networks GSurf_Pro user manual
Alcatel-Lucent
Alcatel-Lucent Alcatel-Lucent Security Management Server... installation guide