VMview4 clientauthentication via certificate without smart card

Hello world

is it possible (and if so how) to configure ssl in the way that only customers who have a certificate can connect to vmview?

The certificate must be issued by a CA Windows. The broker for connections is already operating with a certificate issued by the ca of th.

Thank you

MSA

Certificates installed locally (with extended key usage the Client authentication) can be used for authentication on the view connection server.  So to do what you ask, you must configure the authentication of smart card on the view connection server (see the Administrator's guide) and assign required and then just not to distribute cards to chip to users.  However, users would not get, single-sign - on because there is no smart card to be redirected to the remote desktop.

Tags: VMware

Similar Questions

  • Problems of blackBerry Smartphones initialization of a 330 of SafeNet via the BlackBerry Smart Card Reader

    Hello

    I managed to use my PC BlackBerry smart card reader. Now, I am trying to initialize a smart card SafeNet 330 with SafeNet BSEC from the PC tool. But everything I do the initialization fails.

    Has anyone been initialized properly a card in this way by the BlackBerry smart card reader?

    I suspect a problem with the drive, why I'll try to find my Gemplus400 player and see if it works.

    Thank you

    Chris

    Using the player of Gemplus400 did the trick. Looks like the BlackBerry SCR reader stumbles on the configuration of the password during initialization of the as it does not define the label successfully.

  • Smart card certificate number

    Hello

    We use Gemalto ID smart cards first .net to open a session in our office systems and use the same to work from home, connecting via Citrix Online site.

    Lenovo laptop at home is able to install the card reader and the smart card. A copy of the certificate of the smart card is copied to the Windows 8.1 point certmgr. However, when you access our website, IE does not read the certificate.

    Our website accepts the connection via IE, Chrome and Firefox. All 3 browsers are unable to read the certificate and there is no prompt to choose the certificate also.

    This has been noted on all laptops Lenovo only. No problem when using other brands with the same operating system.

    Details of the laptop

    Model tested: Lenovo Z50-70

    OS: windows 8.1

    Used browsers: IE 11, Chrome and Firefox (latest versions)

    Smart Card: Gemalto IDEPrime .net card

    Only issue with different models of Lenovo laptops. Other brands with the same operating system and browsers works fine.

    Let me know if you need more details

    Thank you

    RAM.

    I reset my computer to factory settings and found the culprit.

    -DISCOVERY OF VISUAL SUPERFISH INC.

    Remove this program and your browser must Access your certificates with no problems.

    -Bryan

  • Smart Card Logon test is a failure

    Hello, we are test user log-ins via the authentication by smart card on a closed network and we have had no success in connecting with our cards to chip on test stations.  We received an external domain domain controller certificates, as well as two root CA certificates and two intermediate certificates.  The workstations to output an error: "the system could not log.  "You cannot use a smart card to log smart card log on is not supported for your user account (Windows 7)" or "the system could not log.  The authentication server you reported and error (0xC00000BB).  You can find more information in the event log.  Report this error to the administrator of the system (Windows XP)".  There is no error useful to examine logs of the events of the workstation.

    On domain controllers, the following errors appear in the system log:

    EVENT ID: 19 Source: Kerberos-Key-Distribution-Center, this event indicates an attempt was made to use smart card logon, but the KDC is unable to use the PKINIT protocol because it lacks an appropriate certificate

    EVENT ID: 29 Source: Kerberos Key Distribution Center The Key Distribution Center (KDC) could not find a suitable to be used for smart card logon, or the KDC certificate could not be verified.  Smart card logon may not work correctly if this problem is not resolved.  To correct this problem, check the existing KDC certificate by using certutil.exe, or sign up for a new KDC certificate.

    Here is the question I have checked/verified so far:

    (1) open ther Certificates.mmc a snap-in and verified software component (under the computer account) the certificate domain controller is located in the 'Personal' certificates, the root CA certificates are located in the "certificate authorities roots of trust", and the intermediaries/subordinate certificates are found with intermediate "CAS" folders

    (2) the insured and default domain policy change certificates have been imported into their respective folders as well.  A ran a gpupdate/force on my workstation to test and verified that the policy works and certificates have been loaded.

    (3) Ran certutil - store-Enterprise NTAuth and verified certificates have been published.

    (4) copied the cert DC to my workstation and ran the following command prompt: certutil - verify - URLFetch DC.cer

    The current result is:

    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0 x 2)

    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)

    Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x10000000)

    -----------------------------------Certificate AIA---------------------------------------

    319.1654.0: 0x800072efd (WIN32: 12029): http://URL

    Has no time "AIA": 0

    Error recovery URL: error 0.80072efd (WIN32: 12029)

    URL

    -----------------------------------Certificate CDP---------------------------------------

    Same message as above for AIA

    ERROR: Verify revocation of certificate revocation function returned sheet status could not check revocation because the revocation server was offline.  0 x 80092013 (-2146885613)

    CertUtil: The revocation function could not check revocation because the revocation server was offline

    (5) copied my user on the domain controller certificate and again ran the following command against it: certutil - verify - URLFetch usercert.cer

    (6) from my normal user account, I am able to verify that the CDP URL are correct and that it can download revocation lists.

    I hope I have provided enough detail.  My colleagues and I are confused as to what is to prevent revocation checks and out to the CDP URLS that are valid, ultimately preventing us to connect with our cards smart.  Has anyone ever encountered this problem?  Your help is appreciated in advance.

    You question may be better resolved if you post on the IT Pro Forum: http://social.technet.microsoft.com/Forums/windows/en-US/home?forum=w7itproinstall

    J W Stuart: http://www.pagestart.com

  • Generate public and private keys within the smart card

    Hi all

    I use this code to generate public and private keys within the smart card.

    KeyPair kp = new pair of keys (KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
    kp.genKeyPair ();
    PrivateKey prikey = kp.getPrivate ();
    PublicKey pubkey = kp.getPublic ();

    This code runs without error.

    I need to obtain the public key of the smart card. So I need to get the public key to a byte array.
    But I can't get these keys in array of bytes of plain text.

    The methods I can get for pubkey object are

    pubkey.clearKey ();
    pubkey. Equals (obj);
    pubkey.getSize ();
    pubkey.getType ();
    pubkey.isInitialized (); only these.

    I use
    Eclipse Version: 3.4.1 (level of agreement of the compiler = 1.4)
    Jcop plugin (to connect with the real map and to test the java code in virtual card provided by JCOP)
    OmniKey5321 (characters without contact) card reader

    What is the reason to get those above methods pubkey object? Is it a version problem?
    How can I get the public key in ordinary byte array? Is this possible?
    If it is not possible, is there a way to get the public key as a certificate of export or something another solution?

    If my script is not a possible strategy, how can I use private public keys to send the applet-specific data? Is there a better way to do it?

    Published by: 863766 on June 6, 2011 12:16 AM
    RSAPublicKey pubkey = kp.getPublic();
    

    then

    pubkey.getExponent(...); pubkey.getModulus(...);
    
  • The Authentucated smart card user session is stopped airtight when the card is removed, regardless of httpd SSLSessionCacheTimeout (default 300) setting. Why?

    I installed safety device in the option tab / advanced ff. Then using smart cards to connect to my server. The smart card user is authenticated and secure connection goes smoothly. When the card is removed from the card reader, the connection is immediately interrupted, regardless the SSLSessionCacheTimeout settings. Mine is set to 300.

    I did the same thing with IE, it maintains the connection until the expiry of the SSLSessionCacheTimeout.

    It is characteristic of FF-specific-designed? Or do I FF browser-specific sth keep my secure connection based on the parameter SSLSessionCacheTimeout?

    Thank you

    Hey SecureDevPaty,

    I wonder if you have installed a cert in the side server or client-side.

    I'm not an expert in the present, but these are the references that I found. I * think * after reading this session http://stackoverflow.com/questions/12.../session-disconnect-the-client-after-smart-card-is-removed LAA there is a feature of ssl in the about: config page. If you are looking for ssl, look at the features of trading. who, after having reread the thread we already did.

    I started to read more about the rules of ssl

    and a few rfcs. My question is, the rule for timeout, is this set on the server? with a specific rule in the cert? If it is a basis of cert, I would ask stackoverflow.com

  • KB931125 Rompt Web server authentication by smart card...

    Windows 2008 Enterprise SP2 IIS7

    The Web site is authenticated against AD with smart card.  Works great... until KB931125 is installed.  As soon as this update of root certificate is installed, all customers get 403.7 error.  I'm going back the VM to the snapshot before KB931125 was installed and everything works well again.  It don't seem to be a way to delete/cancel the damage inflicted by this update of root certificate.

    I found this post: http://msmvps.com/blogs/bradley/archive/2007/03/01/warning-problems-with-root-certificates-update-kb931125.aspx and cleaned on the certificates, but it is not always correct it.

    Please notify.

    It turns out that I'm not a not delete simply not enough of the root certificates.  It works now after the removal of about 1/2 of them.

  • Backup blackBerry Smartphones stuck on 'Backing up Smart Card Options 1 of 1 Record'

    My phone has decreased memory for some reason any. Will not allow me to take a lot of pictures even if I deleted most of the photos and videos. Now when I try to backup on desktop, the process hangs on 'Backing up Smart Card Options 1 of 1 Record'. I tried to backup without the memory card, but get the same result with the gel. Any help?

    Hi Bbnoviceja

    Welcome to the Forums of the BlackBerry Support

    Regarding your backup problem, plug your device and run BlackBerry Desktop Software for windows in the office software click Devive > delete data > data choose selected > scroll social power database > mark it and whose losses. Once this part is deleted, try to perform a full backup.

    KB29522 : "Backup of database error" message is generated to Database Options smart card when you back up the smart phone BlackBerry with the BlackBerry Desktop Software

     

    Regarding your second question with memory, remember that you have the memory card and then try to transfer these multimedia files from your device to your media card memory:

    KB05478 : , transfer files between the card and device memory on a BlackBerry smartphone  

     

    Or:

    KB29523 : How to manually transfer files between a Windows computer and a smart phone BlackBerry

     

    Try it and tell us if you feel any problem.

     

  • T510 smart card reader

    Hello everyone,

    I have a T510 4313-CTO with a contact smart card reader.

    I just wanted to know if the 60Y5031 of contactless smart card reader is a contactless and contact or contactless only reader.

    If only without contact, is it an option to have both in the machine?

    It is quite difficult to find info on this subject.

    Thank you

    Vince.

    Vince69 wrote:

    Hello everyone,

    I have a T510 4313-CTO with a contact smart card reader.

    I just wanted to know if the 60Y5031 of contactless smart card reader is a contactless and contact or contactless only reader.

    If only without contact, is it an option to have both in the machine?

    It is quite difficult to find info on this subject.

    Thank you

    Vince.

    You can drag a card inside, I still so he can recognize a card without contact without sliding into place.

  • Can I sign a document with my digital signature using professionals DC smart card?

    Can I sign a document with my digital signature using professionals DC smart card?

    You mean certificate on your smart card, right of signature? If the certificate on your smart card is designed to sign then the answer is "Yes, you can. CA that issued a certificate place some fields that can restrict its use, say, as well as encryption, only signature or authentication of the server only, etc. The certificate on your smart card doesn't have to be no restrictions to use incompatible with signature for you to be able to sign with her. You can simply try to connect your smart card and watch if Acrobat accepts the certificate for the signature.

  • See 5.1.2 problem with smart cards - reader to not see Office.

    Hi all

    We try to roll an office linked Clone pool that is used by our service accounts and as such, they need to be able to use for banking smart cards. We have installed all the necessary software on the machine of model (GemSafe Gemalto) and also one of our Thin Clients (Wyse V10L or C10LE) connected to the model directly via RDP with the card reader chip attached to ensure that different drivers installed correctly and all is well, the virtual machine is able to see the smart card reader.

    The problem comes when spread us these machines up to the pool, the smart card reader is not detected at all. We tried to connect from the Client light view or via RDP directly to one of the linked Clone desktops and both meet the same problem, that is, the drive is not seen at all. If we plug/unplug the drive of the Wyse terminal we see it be detected in the log of the events on the Client itself.

    Can what tools or newspapers we use side view or VMware to solve this problem?

    To confirm, in the settings to connect to the server by smart card authentication is set to optional. In Global political USB access is set to allowed.

    If need more information please ask and I will be happy to provide it.

    Thanks in advance.

    Right, we got to the bottom of it... and I am kicking myself!

    There is a GPO side configuration of the active computer. Administrative Templates/Windows components/Remote Desktop Services / Remote Desktop Session Host / Device and resource Redirection - do not allow redirection of card device chip.

    GRRRR!

  • VMWare View fails with windows 7 ultimate 64 bit and smart card

    I have two PC's are both 64-bit Windows 7 Ultimate machines.  My laptop connects to my work PC, but my office will not.  He is aware of my smart card, but when I try and connect it fails saying "failed to connect to server to connect to view. Smart card or certificate authentication is required. "Anyone else had a problem like this?

    See http://blogs.vmware.com/view/2010/10/troubleshooting-smart-card-authentication-using-the-windows-view-client.html for more information on this problem.  Let me know if you have any questions.

  • With the help of store app China without credit card US

    IM living in China and for this reason the apps I can download only from the Chinese market which is very limited. So I want to know that how to get or use the US app store for mac while Im in China without credit card?

    You must be a legal resident of the United States in order to create an account for the US iTunes Store. Without credit card with a U.S. Bank with a verifiable address of billing in the United States, you must have the United States iTunes gift cards to buy to pay for purchases.

    By the end of 2012 Mac minis, macOS?  Watch 38 mm silver AL, watchOS 3; iPad 2 Air & iPhone 6 + iOS 10.0.1;  Apple Airport Express

  • can I use a mini ipad 4 (which has more cellular wifi) without sim card installed

    can I use a mini ipad 4 (which has more cellular wifi) without sim card?   I managed to update to 9.3.3 but the wifi keep disconnecting and lock the screen when I go to settings, Wifi.

    Yes, you can remove the sim card. The iPad will be only nag you about the missing card every now and then. But the sim card has nothing to do with wifi...

  • Remote graphics software: Support for smart card for the RGS

    Hello community!

    Read the manual of RGS 7.2, the section on smart card authentication implies that the functionality is restricted to the receivers of Windows. Should the sender also be a Windows system? For example, you could use a receiver of Windows with a smart card reader to transmit this information to a sender of Linux supported?

    Thank you!

    Smart cards are not supported on shippers Linux at this time.

Maybe you are looking for