When you deploy an AD FS farm, token-signing certificates are installed differently, depending on how you create the server farm. Electronic archival CyberSecurity Cards. User’s guide Aladdin eToken Athena 1. Unlocking the device 4. Accessing the device and changing its PIN code 3.


Signing the confirmation document for ANAF. It is a public key infrastructure (PKI) best practice to not share the private key for multiple purposes. You can obtain a token-signing certificate by requesting one from an enterprise CA or a public CA or by creating a self-signed certificate.

For a token-signing certificate to successfully sign a security token, the token-signing certificate must contain a private key. The token will lock if you enter the wrong PIN code 15 times in a row. Installing the cryptographic module in Mozilla Firefox 6.

Load the digital certificate on your token

There are two server farm options that you can consider when you obtain token-signing certificates for your deployment: After importing the root, or if you do not have a dedicated root, you can now import the issuing certificate: This relation is expressed by the generation counter.


Using the digital certificate To use your digital certificate, you will need to: A private key from one token-signing certificate is shared among all the federation servers in a farm.

A crypto token is an entity used to do cryptographic operations.

Unlocking the device

When using the default config, the system expects the private key as a file where the name of the file is constructed from the complete alias name. Using the digital certificate 9. If the lifetime of a token is approaching its end, you can just add a token using the same commands as above.

Later, after they are received by a partner federation server, these keys validate the authenticity by means of the public key of the encrypted security token. The datasafe token is represented by a certificate but is never exposed to the public so it is acceptable to use a self-signed certificate here:

How to load the digital certificate on your token

Unlocking the device 5. The Web server then allows the appropriate access to the client. This option is more expensive if you plan to obtain your token-signing certificates from a public CA.

If your token keys are protected with a password, make sure that all passwords for all generations are still accessible as long as you need the token – issuing tokens are usually used to sign CRLs even after their active issuing period is over and datasafe tokens are required to access archived keys or other data. A default system has four groups: Do not disclose this PIN code to anyone!

It is a cryptographic device token that can only store your digital certificate and its keys.

By doing so, you will delete the certificate or the cryptographic keys from the token and you will need to buy a new certificate. Technical support: For federation partner environments, when the token-signing certificate has been issued by a CA, ensure that:

Installing the certificate in Internet Explorer 4.

SafeNet | Using the digital certificate

Windows Server, Windows Server R2, Windows Server. Federation servers require token-signing certificates to prevent attackers from altering or counterfeiting security tokens in an attempt to gain unauthorized access to federated resources. The Web server in the resource partner uses the public key of the token-signing certificate to verify that the security token is signed by the resource federation server.

By entering the wrong PUK code 15 times, your device will lock permanently and you will need to buy a new device and a new certificate.

To unlock it, follow the steps described in the chapter "Unlocking the device". Do not delete any object from your token!