Chapter 4. Using Enterprise Security Client Keys for SSL Client Authentication and S/MIME
After a token is enrolled, the token can be used for SSL client authentication and S/MIME email applications.
The PKCS #11 module has different names and is located in different directories depending on the operating system. These are described in the following table:
| Platform | Module Name | Location |
|---|---|---|
| Windows | coolkeypk11.dll | C:\Windows\System32\ |
| Red Hat Enterprise Linux | libcoolkeypk11.so | /usr/lib/ |
| Macintosh | libcoolkeypk11.dylib | /Library/Application Support/CoolKey/PKCS11 |
Table 4.1. PKCS #11 Module Locations
4.1. Using the Certificates on the Token for SSL
To use the certificate on the token for SSL in an application such as Mozilla Firefox:
In Mozilla Firefox, open the Tools menu, choose Options, and then click Advanced.
Add a PKCS #11 driver.
NOTE
Windows and Macs automatically attempt to load the PKCS #11 module to any Mozilla browsers they find.
Click Manage Security Devices to open the Device Manager window, and then click the Load button.
Enter a module name, such as
token key pk11 driver.Click Browse, find the Enterprise Security Client PKCS #11 driver, and click OK.
If the CA is not yet trusted, download and import the CA certificate.
Open the SSL End Entity page on the CA. For example:
https://example.com:9443/ca/ee/ca
Click the Retrieval tab, and then click Import CA Certificate Chain.
Click Download the CA certificate chain in binary form and then click Submit.
Choose a suitable directory to save the certificate chain, and then click OK.
Click Edit > Preferences, and select the Advanced tab.
Click the View Certificates button.
Click Authorities, and import the CA certificate.
Set the certificate trust relationships.
Click Edit > Preferences, and select the Advanced tab.
Click the View Certificates button.
Click Edit, and set the trust for websites.
The certificates can be used for SSL.