
Are CSPs in a Certificate Template hard coded?


Han Valk

Aug 19, 2008, 12:04:05 PM
I'm using a SafeNet smartcard (iKey 1000) whose CSP is not available
by default. What I would like to do is create a custom smartcard logon
template that only uses the SafeNet iKey CSP. So I installed the
iKeyAll package that contains among other components the correct CSP.
It was my thought that after installing the CSP it would show up under
the CSPs button on the Request Handling tab of the Certificate
Template but it doesn't.
So my question is, is this list of CSPs hardcoded? Is there a way to
add new CSPs to it?

Best regards,
Han Valk.

Chipeater

Aug 19, 2008, 12:53:13 PM
A couple of ways would be:

1. Use LDIFDE to export the certificate template to an LDIF file, then
update the pKIDefaultCSPs value. This is good if you're taking a
programmatic approach to deploying your PKI

2. Use ADSIEdit on Configuration|Services|Public Key Services|
Certificate Templates|<Template Name> then update the pkiDefaultCSPs
value (type in the name of the CSP for SafeNet iKey - you can delete
any other entries). Probably simplest for what you are trying to
achieve.

If you don't know the CSP name, have a look in
HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider on the machine
where you've installed the SafeNet software.

Hope this helps.

Brian Komar (MVP)

Aug 19, 2008, 12:58:55 PM
Once the CSP is correctly installed, then the certificate template will
appear in the list of available CSPs.
Something must have gone wrong with the installation of the CSP.
Brian


Han Valk

Aug 19, 2008, 1:18:16 PM
Thanks Brian for your answer. Strange thing is that I am able to
select the CSP in the web enrollment pages but not in a template...
What I would like to know is where the list of available CSPs is
coming from. From AD? Or from the registry of the CA?


Regards,
Han.

Brian Komar (MVP)

Aug 19, 2008, 1:25:47 PM
Did you install the CSP on the computer where you are running certtmpl.msc?
The CSP must be installed on the computer where the editing is performed to
be available in the templates list.
Brian


Han Valk

Aug 19, 2008, 1:35:20 PM
Looked in HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider and
the CSP is there. It's called 'SafeNet iKey 1000 RSA Cryptographic
Service Provider'.

Fired up ADSIEdit and copied the name from the registry to the
pkiDefaultCSPs attribute adding 1, in front. Then looked at the
template from the Certificate Templates mmc but the SafeNet CSP
doesn't show up. Even restarted Certificate Service because I hoped
that it would pick up the altered template.

Regards,
Han.

Chipeater

Aug 19, 2008, 1:58:39 PM
The CSP list is defined in the certificate template object (in AD),
stopping / starting certificates services won't affect this.
Presumably you can actually enrol successfully now as the correct CSP
is showing up on the web enrolment pages?

As Brian says, providing you are using the Certificate Templates MMC
on the machine where you have installed the SafeNet software, you
should see the CSP listed against the template. If you're opening the
MMC on another machine it probably won't show - but it doesn't really
matter. I've a hunch that you've installed the CSP on a client, but
are running the cert template MMC on a server?
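
The check discussed in the posts above, as an added example that is not from any of the posters: a read-only PowerShell script that reads pKIDefaultCSPs from the template object in AD and marks which entries are registered as CSPs on the machine it runs on. The template name `CustomSmartcardLogon` is a hypothetical placeholder, and the script assumes a domain-joined machine with read access to the configuration partition.

```powershell
# Read-only: compare a template's pKIDefaultCSPs with the CSPs registered locally.
# 'CustomSmartcardLogon' is a hypothetical template CN; pass your own.
param([string]$TemplateName = 'CustomSmartcardLogon')

# One subkey per installed CSP lives under this registry key.
$providerKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
$localCsps = @(Get-ChildItem -Path $providerKey | ForEach-Object { $_.PSChildName })

# Templates live in the configuration partition (the ADSIEdit path from the thread).
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$path = "LDAP://CN=$TemplateName,CN=Certificate Templates," +
        "CN=Public Key Services,CN=Services,$configNC"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
    throw "Template '$TemplateName' not found at $path"
}
$template = [ADSI]$path

# Each pKIDefaultCSPs value is "<priority>,<CSP name>"; split on the first comma only.
$rows = foreach ($value in @($template.pKIDefaultCSPs | Where-Object { $_ })) {
    $priority, $name = ([string]$value) -split ',', 2
    if (-not $name) {
        # No comma at all: the value lacks the priority prefix.
        [pscustomobject]@{ Priority = $null; Csp = [string]$value
                           Registered = $false; Note = 'missing "<n>," prefix' }
        continue
    }
    $name = $name.Trim()
    [pscustomobject]@{
        Priority   = $priority -as [int]
        Csp        = $name
        # Exact name match against the registry subkey names (case-insensitive).
        Registered = $localCsps -contains $name
        Note       = ''
    }
}

if (-not $rows) {
    Write-Warning "Template '$TemplateName' has no pKIDefaultCSPs values."
} else {
    $rows | Sort-Object Priority | Format-Table -AutoSize
}
```

Run it on the machine where certtmpl.msc is opened; an entry with `Registered` set to False names a CSP that is not registered on that machine.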

Han Valk

Aug 19, 2008, 10:13:04 PM
Yep. Installed it on the CA and that's where the editing takes place.


Han Valk

Aug 19, 2008, 10:17:26 PM
Sorry to say but your hunch isn't correct ;) Of course the CSP is
installed on a client computer otherwise the smartcard wouldn't work.
But I installed it on the CA too because I thought that would enable
me to select the CSP in a custom template as the only valid CSP.

Han Valk

Aug 19, 2008, 11:03:53 PM
Brian and Chipeater. Please allow me to ask: would you please be so
kind and have a look at another post from me in this newsgroup with
the subject: Sudden subject change at certificate renewal.
I think I've found the cause and I would like your opinion.

Han Valk

Aug 20, 2008, 5:03:51 AM
Brian and Chipeater,

Both of you thanks for your help. The problem is solved. I was trying
to customize the SafeNet software so only the minimal amount of
components were installed on the CA. It seems that I must at least
insert the iKey token once, only then the CSP is registered correctly.
I am running the CA as a VM and I did not add a USB controller and
thus did not insert the token. After adding a USB controller to the VM
and inserting the token the CSP was available in templates.

Regards,
Han.
