Advanced Authentication supports the certificate-based PKCS#11 contact smart cards and USB tokens (crypto sticks).
Device Service supports the following devices:
Aladdin eToken PRO 32k/72k with SafeNet Authentication Client 9
ruToken
To use PKI, specify a PKCS#11 module for your PKI device. See PKI Settings for more information.
The following are the requirements for used certificates:
Certificate must contain the OCSP or CRL link to check revocation status.
Certificate must contain a key pair: public and private key in the x509 format. The certificates that do not comply with the requirements are ignored (hidden during enrollment).
NOTE:The cards Cosmo polIC 64K V5.2 and Cyberflex Access 64K V1 SM 2.1 support the certificate-based enrollment only (generate a key pair mode is not supported).