1.2 Supported Devices for PKI

Advanced Authentication supports certificate-based PKCS#11 contact smart cards and USB tokens (crypto sticks).

Device Service supports the following devices for PKI:

  • Aladdin eToken PRO 32k/72k with SafeNet Authentication Client 9

  • ruToken

  • SafeNet Authentication eToken on Mac OS

To use PKI, specify a PKCS#11 module for your PKI device. For more information, see PKI Settings.

Ensure that the certificates you use meet the following requirements:

  1. The certificate must contain the Authority Information Access (AIA) and Certificate Revocation List (CRL) link to check the revocation status.

  2. The certificate must contain a key pair: a public and a private key in the X.509 format. The PKI service does not detect certificates that do not comply with these requirements (they are hidden during enrollment).

NOTE: The cards Cosmo polIC 64K V5.2 and Cyberflex Access 64K V1 SM 2.1 support the certificate-based enrollment only (key pair mode is not supported).
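
A pre-enrollment check for requirement 1, as an added example that is not part of the product or its documentation: it walks a DER-encoded certificate with the Python standard library and reports which of the two revocation extensions are absent. It assumes the "CRL link" is the standard cRLDistributionPoints extension; all function names are hypothetical, and `sample_cert` builds a constructed skeleton, not a real certificate.

```python
import ssl

# Standard X.509 extension OIDs as DER content bytes.
AIA_OID = bytes.fromhex("2b06010505070101")   # 1.3.6.1.5.5.7.1.1 authorityInfoAccess
CRLDP_OID = bytes.fromhex("551d1f")           # 2.5.29.31 cRLDistributionPoints

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def extension_oids(cert_der):
    """Return the OID bytes of every extension in a DER certificate."""
    _, cert, _ = read_tlv(cert_der, 0)         # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))              # TBSCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:                        # [3] EXPLICIT Extensions
            _, ext_list = next(children(val))
            return [next(children(ext))[1] for _, ext in children(ext_list)]
    return []                                  # no extensions block at all

def missing_revocation_pointers(cert_der):
    """List which of the required revocation extensions are absent."""
    oids = extension_oids(cert_der)
    return [name for name, oid in (("AIA", AIA_OID), ("CRL", CRLDP_OID)) if oid not in oids]

def check_pem_file(path):
    """Run the check on a PEM certificate file (path supplied by the caller)."""
    with open(path) as fh:
        return missing_revocation_pointers(ssl.PEM_cert_to_DER_cert(fh.read()))

# Constructed sample data: a structural skeleton with placeholder fields.
def der(tag, *parts):
    body = b"".join(parts)
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (ln or b"\x00" if len(body) < 0x80 else bytes([0x80 | len(ln)]) + ln) + body

def sample_cert(*ext_oids):
    exts = [der(0x30, der(0x06, oid), der(0x04, b"")) for oid in ext_oids]
    fields = [der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01")] + [der(0x30)] * 5
    return der(0x30, der(0x30, *fields, *([der(0xA3, der(0x30, *exts))] if exts else [])), der(0x30), der(0x03, b"\x00"))
```

For a certificate exported as PEM, call `check_pem_file(path)`; an empty list means both extensions are present. Presence of the extensions does not prove that the URLs inside them are reachable.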

To enable the use of SafeNet Authentication eToken device (PKI) on Mac OS, perform the following steps:

  1. Install the latest Device Service on Mac OS.

  2. Install the SafenetAuthenticationclient9.1.2.0.dmg package.

    You can download SafeNet Authentication Client from the Knowledge Symantec website.

  3. Run the following commands to restart the Device Service:

    1. sudo launchctl unload /Library/LaunchDaemons/com.netiq.deviceservice.plist

    2. sudo launchctl load /Library/LaunchDaemons/com.netiq.deviceservice.plist

  4. Connect the SafeNet Authentication eToken (PKI) to the Mac OS workstation.