Can initialize smart card subsystem




















Select the card from the list, and click View Certificates. This displays basic information about the certificates stored on the card, including the serial number, certificate nickname, and validity dates.

To view more detailed information about a certificate, select the certificate from the list and click View.

Importing CA Certificates

The other is to create a trust security exception for the site, as in Section 5. Any CA which issues certificates for smart cards must be trusted by the Enterprise Security Client application, which means that its CA certificate must be imported into the Enterprise Security Client.

Open the CA's end user pages in a web browser. Click the Retrieval tab at the top. Choose the radio button to download the chain as a file, and remember the location and name of the downloaded file. Click the View Certificates button.

Adding Exceptions for Servers

Troubleshoot Windows logon issues November 2, Contributed by: C.

By default, Windows filters out certificates whose private keys do not allow RSA decryption. This option overrides that filter.

If a certificate does not contain a unique User Principal Name (UPN), or it could be ambiguous, this option allows users to manually specify their Windows logon account.

It is removed from the smart card database, including from any reader group that it may have been added to.

Although this function automatically clears all readers from the group, it does not affect the existence of the individual readers in the database.

SCardGetAttrib: Retrieves the current reader attributes for the given handle. It does not affect the state of the reader, driver, or card.

This function does not affect the state of the reader.

SCardGetStatusChangeA: Blocks execution until the current availability of the cards in a specific set of readers changes.

SCardGetStatusChangeW: Blocks execution until the current availability of the cards in a specific set of readers changes.

SCardGetTransmitCount: Retrieves the number of transmit operations that have completed since the specified card reader was inserted.

SCardIntroduceCardTypeA: Introduces a smart card to the smart card subsystem for the active user by adding it to the smart card database.

SCardIntroduceCardTypeW: Introduces a smart card to the smart card subsystem for the active user by adding it to the smart card database.

However, the reader group is not created until the group is specified when adding a reader to the smart card database.

In some of the following scenarios, the user can be prompted to insert a smart card. If the user context is silent, this operation fails and no UI is displayed. Otherwise, in response to the UI, the user can insert a smart card or click Cancel. If the user cancels the operation, the operation fails. The flow chart in Figure 3 shows the selection steps performed by the Windows operating system.

The Base CSP also sends callback functions that have the purpose of filtering and matching candidate smart cards. Callers of CryptAcquireContext provide smart card matching information. Internally, the Base CSP uses a combination of smart card serial numbers, reader names, and container names to find specific smart cards. The Base CSP smart card selection callbacks cache this information. For type I and type II container specification levels, the smart card selection process is less complex because only the smart card in the named reader can be considered a match.

The process for matching a smart card with a smart card reader is:

1. Find the requested smart card reader. If it cannot be found, the process fails. This requires a cache search by reader name.
2. If no smart card is in the reader, the user is prompted to insert a smart card. This is only in non-silent mode; if the call is made in silent mode, it will fail.
3. For container specification level II only, the name of the default container on the chosen smart card is determined.
4. To open an existing container or delete an existing container, find the specified container. If the specified container cannot be found on this smart card, the user is prompted to insert a smart card.
5. If the system attempts to create a new container and the specified container already exists on this smart card, the process fails.

For container specification levels III and IV, a broader method is used to match an appropriate smart card with a user context, because multiple cached smart cards might meet the criteria provided. For each smart card that has been accessed by the Base CSP and the handle and container information are cached, the Base CSP looks for a valid default container. If the smart card handle is not valid, the Base CSP continues to search for a new smart card. SCardUIDlgSelectCard is used with an appropriate callback filter to find a matching smart card with a valid default container.

For each smart card that is already registered with the Base CSP, search for the requested container. If a matching smart card is not found in the Base CSP cache, a call is made to the smart card subsystem. SCardUIDlgSelectCard is used with an appropriate callback filter to find a matching smart card with the requested container.

Or, if a smart card serial number resulted from the search in Step 1, the callback filter attempts to match the serial number, not the container name. If the smart card is available, but a call to CardQueryFreeSpace indicates that the smart card has insufficient storage for an additional key container, continue the search.

Otherwise, use the first available smart card that meets the above criteria for the container creation. If a matching smart card is not found in the CSP cache, make a call to the smart card subsystem. The callback that is used to filter enumerated smart cards verifies that a candidate smart card does not already have the named container, and that CardQueryFreeSpace indicates the smart card has sufficient space for an additional container.

If no suitable smart card is found, the user is prompted to insert a smart card. If the specified container name is NULL, the default container is deleted. Deleting the default container causes a new default container to be selected arbitrarily. For this reason, this operation is not recommended.


