Chapter 4. Using Enterprise Security Client Keys for SSL Client Authentication and S/MIME

4.1. Using the Certificates on the Token for SSL
4.2. S/MIME Applications

After a token is enrolled, the token can be used for SSL client authentication and S/MIME email applications.

The PKCS #11 module has different names and is located in different directories depending on the operating system. These are described in the following table:

Platform                  Module Name           Location
Windows                   coolkeypk11.dll       C:\Windows\System32\
Red Hat Enterprise Linux  libcoolkeypk11.so     /usr/lib/
Macintosh                 libcoolkeypk11.dylib  /Library/Application Support/CoolKey/PKCS11

Table 4.1. PKCS #11 Module Locations

4.1. Using the Certificates on the Token for SSL

To use the certificate on the token for SSL in an application such as Mozilla Firefox:

  1. In Mozilla Firefox, open the Tools menu, choose Options, and then click Advanced.

  2. Add a PKCS #11 driver.

    NOTE

    Windows and Macs automatically attempt to load the PKCS #11 module into any Mozilla browsers they find.

    1. Click Manage Security Devices to open the Device Manager window, and then click the Load button.

    2. Enter a module name, such as token key pk11 driver.

    3. Click Browse, find the Enterprise Security Client PKCS #11 driver, and click OK.

  3. If the CA is not yet trusted, download and import the CA certificate.

    1. Open the SSL End Entity page on the CA. For example:

      https://example.com:9443/ca/ee/ca

    2. Click the Retrieval tab, and then click Import CA Certificate Chain.

    3. Click Download the CA certificate chain in binary form and then click Submit.

    4. Choose a suitable directory to save the certificate chain, and then click OK.

    5. Click Edit > Preferences, and select the Advanced tab.

    6. Click the View Certificates button.

    7. Click Authorities, and import the CA certificate.

  4. Set the certificate trust relationships.

    1. Click Edit > Preferences, and select the Advanced tab.

    2. Click the View Certificates button.

    3. Click Edit, and set the trust for websites.

The certificates on the token can now be used for SSL.
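
A PKCS #11 module is native code that runs inside the browser process once it is loaded, so it is worth checking the file before step 2. The script below is an added example, not part of the original documentation: the paths come from Table 4.1, while the function names and the permission policy (no group or world write on the module or its directory) are assumptions.

```shell
#!/bin/sh
# Added example: check the CoolKey PKCS #11 module file before loading it.
# Paths are from Table 4.1; function names and policy are assumptions.

# Print the expected module path for a `uname -s` value.
coolkey_module_path() {
    case "$1" in
        Linux)  printf '%s\n' "/usr/lib/libcoolkeypk11.so" ;;
        Darwin) printf '%s\n' "/Library/Application Support/CoolKey/PKCS11/libcoolkeypk11.dylib" ;;
        *)      return 1 ;;  # e.g. Windows: not checkable from a POSIX shell
    esac
}

# Succeed only if the path exists and is not writable by group or others,
# judged from the `ls -l` mode string (e.g. -rwxr-xr-x). -L follows a
# symlink so that the target's mode is the one examined.
not_shared_writable() {
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 1
    case "$mode" in
        ?????w????|????????w?) return 1 ;;  # group-write or other-write set
    esac
    return 0
}

# Validate one module file and its parent directory; print the verdict.
check_module() {
    [ -f "$1" ] || { echo "missing or not a regular file: $1"; return 1; }
    not_shared_writable "$1" ||
        { echo "module is group/world-writable: $1"; return 1; }
    not_shared_writable "$(dirname "$1")" ||
        { echo "directory is group/world-writable: $(dirname "$1")"; return 1; }
    echo "ok: $1"
}

# Check this host's module when run as: sh check_coolkey.sh --check
if [ "${1:-}" = "--check" ]; then
    path=$(coolkey_module_path "$(uname -s)") && check_module "$path"
fi
```

Only the module file and its immediate directory are examined; on Windows, review the permissions of the DLL listed in Table 4.1 with the platform's own tools.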