Product SiteDocumentation Site

Chapter 5. Using Smart Cards with the Enterprise Security Client

5.1. Supported Smart Cards
5.2. Setting up Users to Be Enrolled
5.3. Enrolling a Smart Card Automatically
5.4. Managing Smart Cards
5.4.1. Formatting the Smart Card
5.4.2. Resetting a Smart Card Password
5.4.3. Viewing Certificates
5.4.4. Importing CA Certificates
5.4.5. Adding Exceptions for Servers
5.4.6. Enrolling Smart Cards
5.4.7. Re-Enrolling Tokens
5.5. Diagnosing Problems
5.5.1. Errors
5.5.2. Events
When a smart card is enrolled, it means that user-specific keys and certificates are generated and placed on the card. In Red Hat Enterprise Linux, the interface that works between the user and the system which issues certificates is the Enterprise Security Client. The Enterprise Security Client recognizes when a smart card is inserted (or removed) and signals the appropriate subsystem in Red Hat Certificate System. That subsystem then generates the certificate materials and sends them to the Enterprise Security Client, which writes them to the token. That is the enrollment process.
The following sections contain basic instructions on using the Enterprise Security Client for token enrollment, formatting, and password reset operations.

5.1. Supported Smart Cards

The Enterprise Security Client supports smart cards which are JavaCard 2.1 or higher and Global Platform 2.01-compliant. Certificate System was tested using the following cards:
  • Safenet 330J Java smart cards
  • Gemalto 64K V2 tokens, both as a smart card and GemPCKey USB form factor key
Smart card testing was conducted using the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet, one of the packages included and installed with Red Hat Certificate System 8.0.