Troubleshooting
39
no
vd
ocx
(e
n)
6 Ap
ril 20
07
6.3.2 Certificate Validation Issues
If the method fails with an Invalid Certificate or Certificate Validation Failed message, the method
was unable to validate the certificate sent by the workstation. Check the following items:
The certificate on the smart card is not expired or has not been revoked by the issuing
Certificate Authority.
The method is properly configured with a trusted root container that contains a valid trusted
root certificate. See
Section 5.2, “Configuring Trusted Root Certificates,” on page 29
for
information about configuring the trusted root container.
Certificate revocation checking is properly configured. See
Section 5.3, “Configuring
Certificate Revocation Checking,” on page 31
for more information.
CRL and OCSP revocation checking requires connectivity to the CRL Distribution Point or
OCSP Responder. If the information is unavailable, the validation process fails.
When using OCSP validation, the OCSP response is signed by the responder's certificate. In
order for the response to be considered valid, the responder's certificate must be trusted. Place
the OCSP responder's trusted root certificate in the trusted root container to identify it as
trusted.
Summary of Contents for Enhanced Smart Card Method 3.0.1
Page 4: ...novdocx en 6 April 2007...
Page 8: ...8 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 10: ...10 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 20: ...20 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 24: ...24 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 28: ...28 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 40: ...40 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Page 44: ...44 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...