[Pki-users] "Format" button never enabled in Enterprise Security Client

Steve Ross sross at trustedcs.com
Fri Sep 20 22:20:22 UTC 2013 

I'm a new user of the Dogtag Certificate System...

I am trying to create a certificate and write it to a smart card.

My problem is that my Enterprise Security Client (ESC) does not allow me 
to format the smart card. When I insert the blank smart card, the ESC 
GUI shows
     Issuer = Unknown
     Issued To = Unknown
     Status = Unformatted

However, the "Format" button is disabled and remains so.  Why?  Is there 
any configuration that I need to do in one of the PKI subsystems or ESC 
itself?

When I instead insert a Common Access Card (CAC), the ESC GUI shows
     Issuer = U.S Government
     Issued To = <name>
     Status = Enrolled

and ESC is able to display thethree certificates of the CAC.  So, my 
hardware/software is working to the extent that it can read another card.

I see the section in the Red Hat Certificate System (RHCS) 8.1 
"Deployment, Planning, and Installation" guide that says:

     The Certificate System subsystems have been tested using the 
following tokens:
         Gemalto TOP IM FIPS CY2 64K token, both as a smart card and 
GemPCKey USB form factor key
         Gemalto Cyberflex e-gate 32K token
         Safenet 330J Java smart card

I also see the section of the RHCS "Managing Smart Cards with the 
Enterprise Security Client" that says:

     The Enterprise Security Client supports smart cards which are 
JavaCard 2.1 or higher and Global
     Platform 2.01-compliant and was tested using the following cards:
         Safenet 330J Java smart cards
         Gemalto 64K V2 tokens, both as a smart card and GemPCKey USB 
form factor key
         Gemalto GCx4 72K and TOPDLGX4 144K common access cards (CAC)
         Oberthur ID One V5.2 common access cards (CAC)
         Personal identity verification (PIV) cards, compliant with FIPS 201

The smart card that I'm using is none of the above, though it exceeds 
the standards that the ESC manual describes.


Following are the details of my smart card, reader, and installed software:

Smart card:
   J2A080 - NXP JAVA based smart card, 80k EEPROM
   This is supposed to meet the standards JCOP 2.4.1, JC 2.2.2, and GP 
2.1.1.
   It is a new card and is not supposed to have any applets on it.


Smart card reader:
   OmniKey 3121


Operating system:
   CentOS 5.9


Software packages installed:
   esc-1.1.0-14.el5.centos.1
   pki-ca-1.3.6-1.el5
   pki-tks-1.3.3-1.el5
   pki-tps-1.3.1-1.el5
   coolkey-1.1.0-15.el5
   tomcat5-5.5.23-0jpp.40.el5_9
   httpd-2.2.3-82.el5.centos


Thanks in advance for any help,
-- Steve Ross

More information about the Pki-users mailing list