regarding smartcard pkinit authntication - Kerberos

This is a discussion on regarding smartcard pkinit authntication - Kerberos ; Hi I have some doubt regarding pkinit certificate locations. Standard Smartcard contain only User certificate and private key in pfx format.CA certificates and intermediate certs should be in local machine. Is it correct? Is it possible to having CA certs/intermediate ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: regarding smartcard pkinit authntication

  1. regarding smartcard pkinit authntication

    Hi



    I have some doubt regarding pkinit certificate locations.



    Standard Smartcard contain only User certificate and private key
    in pfx format.CA certificates and intermediate certs should be in local
    machine.

    Is it correct?

    Is it possible to having CA certs/intermediate Cert also in
    Standard smartcard?



    Thanks and Regards,

    Eswar S

    ************************************************** **************************
    ***********
    This e-mail and attachments contain confidential information from HUAWEI,
    which is intended only for the person or entity whose address is listed
    above. Any use of the information contained herein in any way (including,
    but not limited to, total or partial disclosure, reproduction, or
    dissemination) by persons other than the intended recipient's) is
    prohibited. If you receive this e-mail in error, please notify the sender by
    phone or email immediately and delete it!




  2. Re: regarding smartcard pkinit authntication

    Eswar S wrote:
    > Is it possible to having CA certs/intermediate Cert also in
    > Standard smartcard?


    This is a rather PKI-related question. Note that trusted root CA certs
    should be pre-installed explicitly marked as trusted in the entity which
    trys to validate a certain certificate. You can store (intermediate) CA
    certs also on the smartcard. Whether the OS you're using can make use of
    them is a different thing depending on the software you're using.

    Ciao, Michael.

+ Reply to Thread