Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 6

SmartCard Contents



PKI Pre-Installation Guide
Version 2.0.0
Page 2
1.3 SmartCard Contents

The SmartCard contains at least two certificates:
• Identity
• Email

The identity certificate is not used by this application. The Email certificate is used by this application. The certificate contains several important pieces of information:

• Smart Card Logon Enhanced Key Usage – This flag indicates the certificate can be used for logging onto a Windows system. See Microsoft's documentation (http://support.microsoft.com/kb/281245) for this requirement.
• User Configuration Information
  o Universal Principal Name (UPN) and EDI-PI – The UPN provides a standard identifier used throughout the organization. The standard format for the UPN is:
      <principal name>@<common domain name>
    For a military CAC card, the UPN would be something like:
      12345678@mil
    The mil is the DoD's common domain name. The 12345678 is the EDI-PI. The EDI-PI can be used as an identifier independently when separated from the mil domain.
  o Email Address – The user's Email address. This information is also referred to as the RFC822 name.
  o Subject Name – The user's Distinguished Name on the DoD's PKI system:
      CN=SMITH.JOE.12345678, OU=Contractor, OU=PKI, OU=DoD, O=U.S. Government, C=US
    This subject name will typically be different than the subject name used in the IT systems for an individual branch or command organization.
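
The identifiers described above can be pulled apart and cross-checked before they are used to look up an account. The following Python sketch is an added example, not code from the Lexmark guide or the device firmware. The function names are hypothetical, the inputs are the sample strings printed in this section, and the rule that the subject CN ends in the EDI-PI is an assumption drawn from that sample.

```python
import re

# Sample values as printed in the guide (section 1.3).
UPN = "12345678@mil"
SUBJECT = "CN=SMITH.JOE.12345678, OU=Contractor, OU=PKI, OU=DoD, O=U.S. Government, C=US"

def split_upn(upn):
    """Split '<principal name>@<common domain name>' into (principal, domain)."""
    principal, sep, domain = upn.strip().partition("@")
    if not sep or not principal or not domain or "@" in domain:
        raise ValueError(f"not a UPN: {upn!r}")
    return principal, domain

def parse_dn(dn):
    """Parse a DN string into ordered (type, value) pairs.

    Splits only on unescaped commas, so 'O=Acme\\, Inc.' stays one value.
    Multi-valued RDNs joined with '+' are not split further.
    """
    pairs = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs

def card_identity(upn, subject_dn):
    """Return the identifiers a directory lookup would use, or raise ValueError."""
    edipi, domain = split_upn(upn)
    if not (edipi.isascii() and edipi.isdigit()):
        raise ValueError("UPN principal is not a numeric EDI-PI")
    cn = next((v for t, v in parse_dn(subject_dn) if t == "CN"), None)
    if cn is None:
        raise ValueError("subject has no CN")
    # Assumption taken from the guide's sample: the CN ends in '.<EDI-PI>'.
    if cn.rsplit(".", 1)[-1] != edipi:
        raise ValueError("EDI-PI in UPN does not match subject CN")
    return {"edipi": edipi, "domain": domain, "cn": cn}

if __name__ == "__main__":
    print(card_identity(UPN, SUBJECT))
```

Because the card's subject name usually differs from the DN held in a branch or command directory, the EDI-PI or full UPN returned here is the value to match against the directory, not the subject string.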