The CAPI store is a repository controlled by Windows that houses a collection of digital
certificates associated with a given CSP. CAPI oversees the certificates, while each CSP
controls the cryptographic keys belonging to the certificates.
The Certificate System CSP is designed to provide cryptographic functions on behalf of
Windows using our supported smart cards. The Windows CSP performs its requested
cryptographic functionality by calling the Certificate System PKCS #11 module.
The Certificate System CSP, which has been signed by Microsoft, provides the following
features:
• Allows the user to send and receive encrypted and signed emails with Microsoft Outlook.
• Allows the user to visit SSL-protected websites with Microsoft Internet Explorer.
• Allows the user to use smart cards with certain VPN clients, which provides secure access to
protected networks.
The required CSP libraries are automatically installed with the Enterprise Security Client. There
are several common situations in which a Windows user interacts directly with the CSP.
• When a smart card is enrolled with the Enterprise Security Client, the newly created
certificates are automatically inserted into the user's CAPI store.
• When a smart card is formatted, the certificates associated with that card are removed from
the CAPI store.
• When using applications like Outlook or Internet Explorer, the user may be prompted to enter
the smart card's password. This is required when the smart card is asked to perform
protected cryptographic operations such as creating digital signatures.
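The store changes described in the list above can be observed from PowerShell. The following is an added example, not part of the original guide or of the Enterprise Security Client; it assumes the user's CAPI store in question is the current user's Personal ("My") store, and the function names are hypothetical.

```powershell
# Added example: snapshot the current user's Personal certificate store and
# report what an enrollment or format operation changed.
# Assumption: the "user's CAPI store" is Cert:\CurrentUser\My.

function Get-CapiSnapshot {
    # Thumbprint identifies a certificate; HasPrivateKey shows whether the
    # store entry is linked to a key held by a CSP.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Select-Object Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey
}

function Compare-CapiSnapshot {
    param(
        [object[]] $Before = @(),
        [object[]] $After  = @()
    )
    # Index both snapshots by thumbprint so empty stores are handled cleanly.
    $old = @{}; foreach ($c in $Before) { $old[$c.Thumbprint] = $c }
    $new = @{}; foreach ($c in $After)  { $new[$c.Thumbprint] = $c }

    foreach ($t in $new.Keys) {
        if (-not $old.ContainsKey($t)) {
            [pscustomobject]@{ Change = 'Added'; Thumbprint = $t
                               Subject = $new[$t].Subject
                               HasPrivateKey = $new[$t].HasPrivateKey }
        }
    }
    foreach ($t in $old.Keys) {
        if (-not $new.ContainsKey($t)) {
            [pscustomobject]@{ Change = 'Removed'; Thumbprint = $t
                               Subject = $old[$t].Subject
                               HasPrivateKey = $old[$t].HasPrivateKey }
        }
    }
}

$before = @(Get-CapiSnapshot)
Read-Host 'Enroll or format the smart card, then press Enter' | Out-Null
$after = @(Get-CapiSnapshot)
Compare-CapiSnapshot -Before $before -After $after | Format-Table -AutoSize
```

After an enrollment the new certificates should appear as `Added`; after a format the card's certificates should appear as `Removed`. Entries that remain after a format are worth reviewing.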
4. Smart Card Auto Enrollment
Because the Enterprise Security Client is configured through the Phone Home feature, enrolling a
smart card is very simple for the user: the information needed to contact the backend TPS server
is provided with each smart card.
Assuming that the smart card being enrolled is uninitialized and the appropriate Phone Home
information has been configured, the user's enrollment process is as follows:
1. The Enterprise Security Client is running.
2. An uninitialized smart card, pre-formatted with the Phone Home information for the TPS and
enrollment interface URL for the user's organization, is inserted. The smart card can be
added either by placing a USB form factor smart card into a free USB slot or by inserting a