The following describes a simple way to test your new PIVKey with HTTPS client certificate authentication against a web site.
Client authentication is when a client computer or user attempts to access a directory on the server (for example, a web page in that directory), and the server requires the client to submit a certificate for authentication before the server allows access to the directory.
https://pivkey.com/test/ is a directory with a web page on the PIVKey server that is configured to require this type of client certificate authentication. All standard PIVKeys are provided with a digital certificate issued by the Taglio PIVKey device Certificate Authority (CA), and only those certificates are allowed to access this directory. This lets you test whether a PIVKey is working without downloading any software and without loading any new certificates onto the PIVKey.
When a PIVKey user has their PIVKey inserted and browses to that directory, the server asks for a client certificate. The PIVKey provides that certificate (users are prompted to choose it), the server checks that it's a valid PIVKey certificate issued from the Taglio PIVKey CA, prompts for a PIN, and allows access to the web page.
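The issuer check described above can be reproduced offline with the openssl command line tool. This is an added example, not PIVKey's own server configuration: the CA names, subject names and file names are constructed for illustration, and it assumes openssl is installed. It models only the chain-of-trust decision, not the TLS handshake or the PIN prompt.

```shell
#!/bin/sh
# Added example with constructed CAs and certificates (not PIVKey's real ones).
# Models the server-side check: accept a client certificate only if it
# chains to the single trusted device CA.

make_ca() {        # $1 = file prefix, $2 = CA common name (constructed)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_client() {   # $1 = CA prefix, $2 = client prefix, $3 = client CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Exit status 0 only when the client certificate chains to the trusted CA.
accepts_client() { # $1 = trusted CA certificate, $2 = client certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # throwaway keys are removed when the script ends

make_ca "$WORK/device_ca" "Example Device CA"
make_ca "$WORK/other_ca" "Unrelated CA"
issue_client "$WORK/device_ca" "$WORK/token" "Example Token Holder"
issue_client "$WORK/other_ca" "$WORK/stranger" "Stranger"

# The server trusts device_ca only, so the second certificate is refused.
for cert in token stranger; do
    if accepts_client "$WORK/device_ca.pem" "$WORK/$cert.pem"; then
        echo "$cert: accepted"
    else
        echo "$cert: rejected"
    fi
done
```

In a real handshake the client also has to prove possession of the matching private key, which on a PIVKey stays on the device and is unlocked by the PIN.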
Make sure you have inserted the PIVKey Token into a USB slot, or have inserted the PIVKey smart card into the Smart Card Reader.
To test, open Microsoft Edge, Internet Explorer or Chrome and browse to https://pivkey.com/test/
You will be requested to choose the certificate to log on to the test site, as shown here in Google Chrome:
By pressing the "Certificate Information" button, you can look at the details of the PIVKey certificate.
Google Chrome:
Select OK on the certificate selection dialog and the PIN request dialog will appear.
Enter the PIN (by default this is "000000") and the test web site will come up.
You can confirm that the PIVKey certificate was used by selecting the "Certificate Info" page.
If the authentication fails, you will see the following message:
On Microsoft Edge, the certificate confirmation screen looks as follows:
And the PIN entry screen looks as follows:
Note: Testing out of the box with Firefox is not possible. Firefox requires an additional PKCS#11 component that supports the PIV interface.