Home » HP Manuals » Desktops » HP Bc1500 » Manual Viewer

HP Bc1500 Implementing Gemalto Smart Card for Use with HP Compaq t5720 and HP - Page 39

Usage case 4: Accessing secure Web site

Add to My Manuals
Save this manual to your list of manuals

Page 39 highlights

2. Open the HPSAM client window and initiate a connection to the blade PC or Active Directory Server. 3. Make sure a smart card is installed in the reader. The system requests the smart card PIN. 4. Type the PIN that you assigned. The user is logged into the blade PC or Active Directory Server. Usage case 4: Accessing secure Web site The following steps provide instructions for accessing a secure Web site using an Gemalto smart card through a blade PC or Active Directory Server. Installing and configuring a secure Web site is beyond the scope of this white paper; therefore, the white paper assumes the secure Web site is already functional and accessible from the blade PC or Active Directory Server. The white paper also assumes that you can use the certificate installed on the smart card to access this secure Web site. 1. Log in to a blade PC or Active Directory Server using a smart card, as demonstrated in usage case 1. 2. Use Internet Explorer to connect to a Web site to make sure the system is functioning properly. Con- nect to a Web page on the same server as the secure Web site. 3. Confirm that the lower right corner of the Internet Explorer window does not display a lock icon. 39

Section	Page
Implementing Gemalto Smart Card for Use with HP Compaq t5720 and HP CCI	1
Introduction	2
Prerequisites	2
1. GemSafe Libraries v5.0 SE or GemSafe Libraries v5.1 SE (Vista).	2
2. Gemalto Java Cards:	2
3. Before installing GemSafe Libraries you must connect the smart card reader.	2
Reference hardware and software	3
Reference Documents	4
Installing GemSafe Libraries 5.0 SE to Server and Client PCs (Optional)	5
1. Close all opened Windows programs and applications.	5
2. For Server installation, insert the GemSafe Libraries 5.0 SE CD.	5
3. The installation program will start automatically if the computer is configured to \	5
4. The GemSafe Libraries InstallShield Wizard displays the Autorun window.	5
5. Select the language of your choice and click Install to continue.	5
6. Click Next to continue; GemSafe Libraries Install Shield Wizard displays the License Agreement win dow.	6
7. Read the Gemalto License Agreement and click Yes to continue; the GemSafe Libraries InstallShield Wizard displays the Choose Destination Location window.	6
8. Click Next to install GemSafe Libraries to the default location or select a different location by using the Browse button.	7
9. Click Finish to complete the installation; the GemSafe Libraries InstallShield Wizard displays the Reboot Dialog.	8
10. Click Yes to restart the system immediately or No to restart your computer later.	8
Installing Microsoft Certificate Services	9
1. Click Start > Control Panel.	9
2. Select Add or Remove Programs.	9
3. In the left panel, select Add/Remove Windows Components.	9
4. Click Certificate Services, and then click Next.	9
5. Select Enterprise Root CA, and then click Next.	10
6. Click Yes to accept the warning.	10
7. Type a Common name for this CA, and then click Next.	11
8. Select Next to accept Certificate Database Settings.	11
9. Click Yes when prompted to temporarily stop ISS.	12
10. Click Finish to complete the installation.	13
Configuring a Certificate Authority (CA) service	13
1. Create a MMC with following snap-ins:	13
2. Click Certificate Templates and look for the Smartcard User certificate template in the right pane.	13
3. Create a duplicate template by right-clicking on the Smartcard Logon certificate template, and then selecting Duplicate Template.	14
4. Type a name for the new template in the Template Display name box. This example uses CCI Smartcard User	14
5. Click the Request Handling tab.	15
6. Select 1024 in the Minimum key size box.	15
7. Click the CSPs button.	15
8. Select Requests can use any CSP available on the subject’s computer.	15
9. Click the Security tab.	15
10. In the Permissions for Authenticated Users area, in the Allow column, select both Read and Enroll.	16
11. Copy the CCI SmartCard User certificate template into the Certificates Templates folder under the certificate server.	16
12. Select the template, and then click OK to import the template.	17
Configuring Microsoft Certificate Authority to Issue Smart Card User Certificate	18
1. Click Start > Administrative Tools > Certification Authority.	18
2. Expand the defined CA.	18
3. Right-click Certificate Templates, and then select New.	18
4. Launch Internet Explorer and browse to http://localhost/certsrv.	19
5. Under Select a task, select Request a certificate.	19
6. Select advanced certificate request.	20
7. Select Create and submit request to this CA.	20
8. In the Certificate Templates box, select Enrollment Agent.	21
9. Verify Enrollment Agent Settings in the Key Options section as follows:	21
10. Accept default settings under Additional Options.	22
11. If a warning message displays about a potential scripting violation, press Yes to continue with the cer tificate request.	22
12. Install the Enrollment certificate requested.	22
13. Select Yes to Potential Scription Violation.	23
Manually issue Smart Card User Certificate	24
1. Launch Internet Explorer and browse to http://localhost/certsrv.	24
2. Select Request a certificate.	24
3. Select advanced certificate request.	24
4. Select Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station.	25
5. Select Smartcard User under Enrollment Options.	25
6. Define the user to enroll by clicking Select User.	26
7. Insert Smart Card into Reader, and then select Enroll.	26
Testing the Smart Card	27
1. Launch the GemSafe Toolbox by selecting Start > All Programs > Gemplus > GemSafe Toolbox.	27
2. Select Certificates.	27
3. Insert the smart card and type the PIN. This displays the certificates that you manually issued to the card in “Configuring Microsoft Certificate Authority to Issue Smart Card User Certificate” on page 18.	28
4. Select the Diagnostic/Help tab in the left frame.	28
5. Select the Smartcard and readers diagnose button.	29
6. From the Smartcard Diagnostic Utility, select Start.	29
Creating Customized User Install Packages for Clients PCs (Optional)	30
1. Launch the GemSafe Toolbox by selecting Start > All Programs > Gemplus > GemSafe Toolbox.	32
2. Select Software Administration.	32
3. Select PIN Policy in the left frame.	32
4. To store PIN Policy settings, select Save as, and then type a file name.	33
5. Select GemSafe in the left frame.	33
6. Define what GemSafe Toolbox functionality will be provided to your users.	33
7. To store the user libraries configuration, select Save as, and then type the file name.	34
8. Select Libraries User Setup in the left frame, and then define Libraries User Setup.	34
9. To provide a Setup Name for Libraries User Setup, select Create Setup. Be sure to note the setup path.	35
10. Select OK. The new setup has been created.	35
Additional Information	36
Using a Smart Card For Windows Network Login	36
Administration of the GemSafe Smart Card	36
Working with GemSafe Libraries	36
Usage cases	37
Usage case 1: User authentication from blade PC to Active Directory Domain	37
1. Ensure the CCI blade is connected to Active Directory Domain	37
2. ”Log Off” or reboot the CCI blade.	37
3. Make sure a smart card is installed in the reader. The system requests the smart card PIN.	38
4. Type the PIN that you assigned. The user is logged into the Active Directory Server	38
Usage case 2: User authentication from client device to blade PC or Active Directory Server using RDP	38
1. Log out of the RDP session.	38
2. Open the Remote Desktop Communications window and initiate a connection to the blade.	38
3. Make sure a smart card is installed in the reader. The system requests the smart card PIN.	38
4. Type the PIN that you assigned. The user is logged into the blade	38
Usage case 3: User authentication from client device to blade PC or Active Directory Server using HPSAM client	38
1. Log out of the RDP session.	38
2. Open the HPSAM client window and initiate a connection to the blade PC or Active Directory Server.	39
3. Make sure a smart card is installed in the reader. The system requests the smart card PIN.	39
4. Type the PIN that you assigned. The user is logged into the blade PC or Active Directory Server.	39
Usage case 4: Accessing secure Web site	39
1. Log in to a blade PC or Active Directory Server using a smart card, as demonstrated in usage case 1.	39
2. Use Internet Explorer to connect to a Web site to make sure the system is functioning properly. Con nect to a Web page on the same server as the secure Web site.	39
3. Confirm that the lower right corner of the Internet Explorer window does not display a lock icon.	39
4. In Internet Explorer, type the address of a secure Web site.	40
5. If the system displays security alert messages, click OK.	40
6. After the secure Web site displays, a lock icon in the lower right corner of Internet Explorer confirms that you are connected to a secure Web site.	40
Usage case 5: User authentication using VPN through firewall to blade PC or Active Directory Server	40
1. In the Control Panel on the client computer, open Network and Internet Connections.	40
2. Select the Create a connection to the network at your workplace task.	40
3. In the New Connection Wizard, select Virtual Private Network connection.	40
4. In the Company Name box, type the name for the VPN connection (for example, Work), and then click Next.	41
5. Select Do not dial the initial connection, and then click Next.	41
6. In the text box, type the host name or IP address of the VPN tunnel, and then click Next.	41
7. Select Use my smart card, and then click Next.	41
8. Select Add a shortcut for this connection to my desktop, and then click Finish.	41
1. In Control Panel, open Network and Internet Connections > Network Connections.	41
2. Right-click on the VPN connection icon and select Properties.	42
1. Start the VPN connection.	42
2. In Smart card PIN, type the PIN, and then click OK.	42
Usage case 6: User authentication from client device using Citrix server	43
1. Click the Citrix Program Neighborhood desktop shortcut.	43
2. Click Add ICA Connection to set up a new client connection or to use a pre-existing Citrix connec tion.	43
3. Select properties for the ICA connection, click the Logon Information tab, select Smart card, and then click OK.	44
4. Double-click the shortcut to connect to the Citrix server.	44
5. During logon to the server, the smart card login prompt appears for authorization.	44

Match case Limit results 1 per page

Open the HPSAM client window and initiate a connection to the blade PC or Active Directory Server.

Make sure a smart card is installed in the reader. The system requests the smart card PIN.

Type the PIN that you assigned. The user is logged into the blade PC or Active Directory Server.

Usage case 4: Accessing secure Web site

The following steps provide instructions for accessing a secure Web site using an Gemalto smart card

through a blade PC or Active Directory Server. Installing and configuring a secure Web site is beyond the

scope of this white paper; therefore, the white paper assumes the secure Web site is already functional

and accessible from the blade PC or Active Directory Server. The white paper also assumes that you can

use the certificate installed on the smart card to access this secure Web site.

Use Internet Explorer to connect to a Web site to make sure the system is functioning properly. Con-

nect to a Web page on the same server as the secure Web site.

Confirm that the lower right corner of the Internet Explorer window does not display a lock icon.