Smartcard 2.0 - Getting started

Getting started

Follow these steps to get going with the setup of Smartcard2.0.

Environment Setup

You will need two card readers connected to a Windows XP machine.
Smartcard2.0 is a vmware image where everything is installed. The image is based on Debian Linux.
For the poc/demo it is recommended to run the image in vmware player on the Windows XP machine.

Installation - On the Windows XP Machine

• Install vmware player
• Install Java 6 update 4
• Install NetId

Installation - preformat all cards

In this stage we need to do preformating of the raw cards used in this poc/demo but this step will most likely be unnecessary later on, htmf will be able to do this for you. Go to the Secmaker's demo webpage and follow these steps carefully:

• Select the cardreader
• Select 'Initera kort'
• Select 'SetCos 4.4.1'
• Use 12345678 as 'Sakerhetskod for administratoren' and 'Bekrafta sakerhetskod'
• Use 12345678 as 'Sakerhetskod for en upplasning' and 'Bekrafta sakerhetskod'
• Use 123456 as 'Forsta sakerhetskod(identifiera)' and 'Bekrafta sakerhetskod'
• Use 123456 as 'Andra sakerhetskod(signera)' and 'Bekrafta sakerhetskod'
• Important to use ''(empty string) as 'Namn'
• When the popup 'Det smartakortet ar nu initerat' pops up it's safe to remove the smartcard and start from "Select 'SetCos 4.4.1'" again as many times you need cards.

Important note: these codes will no be used after you have initalized the cards with htmf, then you use the codes displayed by the GUI.

Start server image

• Unzip the vmware image from your dvd-unit into a directory on your local harddrive
• start the vmware image from [hard-drive]\smartcard2.0\smartcard2.0.vmx
• login with user: htmf password: htmf
• check ip with: # /sbin/ifconfig
• put ip in windows host file(c:\windows\system32\drivers\etc\hosts) ex: "192.168.0.100 smartcard20.demo" (smartcard20.demo is a fake but valid name and since it dont has a usual ending like .se .org it wont collide with anything real)
• use putty to login to smartcard20.demo
• username: htmf password: htmf
• cd /usr/local ; sudo ./htmf-setup
• The initalization of the server will take about 5 minutes on a p4 2G laptop

Issue the first admin manually

• The first admin must be issued via the traditional EJBCA webpage so you can use that card to authenticate yourself when running htmf/tolima
• Open EJBCA Enrollment page
• Logon with username: SUPERADMIN_1 password: ejbca
• Use the option at the bottom of the page: "Please choose the CSP you wish to use ..."
• Provider: select "Net iD - CSP"
• Key size: 1024
• Add to eID card: UNchecked
• Press OK

Install Smartcard2.0

It's time to install the application on the card administrators workstation, download and install the smartcard20 installation package

• Installation of hardtokenmgmt
• Double-click on the HardTokenmgmt install package to install that file
• If you need the CA-certificates for later use there accessable from this URL: CA-certs

Installing apache-cert/config

There is a script the configures apache webserver on the image

• as root run:
• # cd /usr/local/
• # htmf/src/inst/smartcard20/configure-apache.sh
• to test any smart card open https://smartcard20.demo/test-your-certificate.cgi

Admin tips

• Start Smartcard2.0 via 'start btn' -> 'Programs' -> 'Smartcard2.0' -> 'Smartcard2.0'
• Insert the admin smartcard, Enter the PIN for the admin card
• Wait for the message to insert the next card to administer.
• First thing to try is to insert a empty card and do a standard issuing of a card
• Do try the revoke and erase function
• Start Smartcard2.0 with a "user" card and try the approval-based user issuing functions
• For full documentation read the "System admin guide"
• and the "Card admin guide"
• If you like a step by step instruction you can use the test protocol