YubiKey Personal Identity Verification (PIV) Attestation - with the TameMyCerts Policy Module for Microsoft Active Directory Certificate Services (ADCS)

Since the recently released version 1.7, the TameMyCerts Policy Module for Microsoft Active Directory Certificate Services supports Personal Identity Verification (PIV) attestation for YubiKeys.

A YubiKey is a compact security token that can be used like a smartcard for the secure storage and use of certificates and can therefore also be used for passwordless logon to Active Directory environments.

This cool function was developed by Oscar Virot and integrated into TameMyCerts. It makes it possible to obtain cryptographic proof at certificate issuance time that the key pair was actually generated on a YubiKey, is protected by it, and cannot be exported.

This can be particularly helpful in complying with the NIS2 directive if companies decide to use certificates as a second factor for logging in with security-critical accounts in the Active Directory.

Continue reading "YubiKey Personal Identity Verification (PIV) Attestation - with the TameMyCerts Policy Module for Microsoft Active Directory Certificate Services (ADCS)"

Smartcard login fails with error message "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)"

Assume the following scenario:

  • The company would like to use smartcard logon.
  • The domain controllers are equipped with certificates that can be used for smartcard logon.
  • The users are equipped with certificates that can be used for smartcard logon.
  • The login to the domain via smartcard fails with the following error message:
    A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)

Continue reading "Smartcard login fails with error message 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)'"

Login via smart card using Remote Desktop (RDP) fails with error message "The requested key container does not exist on the smart card."

Assume the following scenario:

  • A user logs on to a remote desktop system using the smart card logon function.
  • The user uses a Yubico YubiKey as a smartcard. The required middleware is installed on both the local and the remote system.
  • The login fails with the following error message:
    The system could not log you on. The requested key container does not exist on the smart card.

Continue reading "Login via smart card using Remote Desktop (RDP) fails with error message 'The requested key container does not exist on the smart card.'"