It's all about the answers!

Ask a question

How to config the RTC client logig in via smart card


Elvin Jiang (1178) | asked Mar 26 '13, 1:02 a.m.

I configed the JTS to use smart card to login, and it is OK for me the login via smart card on IE or firefox browser. but when I try to log in ccm from RTC client, I failed with a message that "KeyStore Windows-MY implementation not found"

who knows what happened, many thanks

Elvin

One answer



permanent link
Lily Wang (4.9k714) | answered Mar 28 '13, 8:40 p.m.
Hi,
For the RTC Eclipse client, you need to replace the bundled JDK by IBM JDK 1.6 SR12 or higher version to support smart card.
You can download the IBM JDK from http://www.ibm.com/developerworks/java/jdk/. Or submit a PMR and apply a hotfix to upgrade the JDK manually.
After that, you also need to modify the file
"<RTC_install_path>\\jdk\jre\lib\security\java.security" with the following changes:

1. Edit the java.security file, change:
  keystore.type=jks
to:
  keystore.type=Windows-MY

2. modify the following section in
java.security file from:
-------   snip here   -------
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
-------   snip here   -------

To the following:
-------   snip here   -------
security.provider.1=com.ibm.security.capi.IBMCAC
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.security.sasl.IBMSASL
security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.9=org.apache.harmony.security.provider.PolicyProvider
security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
-------   snip here   -------

Hope the above works for you.

Regards,
Lily

Comments
Dave Evans commented May 14 '14, 11:14 a.m. | edited May 14 '14, 11:21 a.m.

Lily, <o:p> </o:p>

I have followed these steps but am receiving a “bad certificate” message from the client. It appears the server never sees the request. Does the Eclipse Client have its own key store where I would need to import my smart card’s signer certificate as a “Trusted CA” or something? <o:p> </o:p>

Thanks, <o:p> </o:p>

Dave

P.S. I am also never prompted for my PIN.  <o:p> </o:p>

Your answer


Register or to post your answer.