This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ejava-token-vpn-logon [2017/05/11 06:26] jinbiao |
ejava-token-vpn-logon [2017/05/15 08:20] (current) JavaCardOS [Discussion] |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| ====Preparation==== | ====Preparation==== | ||
| - | 1. [[https://store/smartcard_eJavaToken.php|eJavaToken]](Make sure that PKI applet has been already upload). | + | 1. [[https://javacardos.com/store/smartcard_eJavaToken.php|eJavaToken]](Make sure that PKI applet has been already upload). |
| 2. PC with Windows server 2008 (used to configure VPN Server). | 2. PC with Windows server 2008 (used to configure VPN Server). | ||
| Line 23: | Line 23: | ||
| ====VPN Server Configuration==== | ====VPN Server Configuration==== | ||
| - | To configure the VPN server, you need to[[https://javacardforum/viewtopic.php?f=43 & t=676| Set up smart card certificate management environment]]and [[https://javacardforum/viewtopic.php?f=43 & t=677|Issue smart card certificate management]] . | + | To configure the VPN server, you need to[[https://javacardos.com/javacardforum/viewtopic.php?f=43 & t=676| Set up smart card certificate management environment]]and [[https://javacardos.com/javacardforum/viewtopic.php?f=43 & t=677|Issue smart card certificate management]] . |
| Line 30: | Line 30: | ||
| - | * Right-click tree structure on the left of "Routing and Remote Access" console, select "Properties" from the pop-up menu. | + | * Right-click tree structure on the left of "Routing and Remote Access" console, select "Properties" from the pop-up menu. |
| - | * In the "Properties" window, click "Security" tab, click "Authentication Methods…", the dialogbox "Authentication Methods" will pop up, as the following shows: | + | * In the "Properties" window, click "Security" tab, click "Authentication Methods…", the dialogbox "Authentication Methods" will pop up, as the following shows:\\ |
| - | + | ||
| - | {{https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d27092a697e.png }} | + | |
| + | {{ Editor/2016-09-09/57d27092a697e.png }}\\ | ||
| * Select"Extensible authentication protocol (EAP)". Extensible Authentication Protocol is the improvements method of traditional user name and password authentication. Smart card user authentication belongs to Extensible Authentication Protocol. | * Select"Extensible authentication protocol (EAP)". Extensible Authentication Protocol is the improvements method of traditional user name and password authentication. Smart card user authentication belongs to Extensible Authentication Protocol. | ||
| - | + | \\ | |
| - | + | ||
| - | + | ||
| * Click "OK", and close "Authentication Methods" dialogbox. | * Click "OK", and close "Authentication Methods" dialogbox. | ||
| - | + | \\ | |
| - | + | ||
| * Click "OK", close "Routing and Remote Access Properties" dialogbox. | * Click "OK", close "Routing and Remote Access Properties" dialogbox. | ||
| Line 53: | Line 46: | ||
| \\ | \\ | ||
| - | {{ https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d27479b8ad8.png }} | + | {{ Editor/2016-09-09/57d27479b8ad8.png }}\\ |
| - | + | ||
| - | + | ||
| - | + | ||
| * Right-click the new user, select "Properties", select "Dial-in" page. In "Network Access Permission" item select "Allow access" and then click OK, as shown below. | * Right-click the new user, select "Properties", select "Dial-in" page. In "Network Access Permission" item select "Allow access" and then click OK, as shown below. | ||
| \\ | \\ | ||
| - | {{https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d272b0de853.png }} | + | {{ Editor/2016-09-09/57d272b0de853.png }}\\ |
| - | + | ||
| - | + | ||
| Note: After these operations, users can apply for certificate that is used for authentication.Keep in mind that you must use the user you just set to apply for certificate. | Note: After these operations, users can apply for certificate that is used for authentication.Keep in mind that you must use the user you just set to apply for certificate. | ||
| Line 74: | Line 60: | ||
| - | *Insert eJavaToken into computer (Make sure that PKI applet has been already in eJavaToken). | + | * Insert eJavaToken into computer (Make sure that PKI applet has been already in eJavaToken). |
| - | \\ | + | |
| + | * Open Internet Explorer, enter the url set in previous step, which is used to issue smart card certificate (e.g. 192.168.50.96/certsrv/certrqma.asp), press Enter. | ||
| + | |||
| + | * On Advanced Certificate Request page, select "Smartcard User" for Certificate Template option,select "EnterSafe ePass2003 CSP v1.0" for CSP option, then click Submit. | ||
| + | |||
| - | *Open Internet Explorer, enter the url set in previous step, which is used to issue smart card certificate (e.g. https://192.168.50.96/certsrv/certrqma.asp), press Enter. | + | * Follow the prompts, select "Install this certificate" and click "Ok" until the certificate is installed successfully. |
| - | \\ | + | |
| - | + | ||
| - | *On Advanced Certificate Request page, select "Smartcard User" for Certificate Template option,select "EnterSafe ePass2003 CSP v1.0" for CSP option, then click Submit. | + | * If "This CA is not trusted" appears, please follow the prompts to add this CA into trust list. |
| - | \\ | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | *Follow the prompts, select "Install this certificate" and click "Ok" until the certificate is installed successfully. | + | |
| - | \\ | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | *If "This CA is not trusted" appears, please follow the prompts to add this CA into trust list. | + | |
| \\ | \\ | ||
| After certificate is downloaded and installed successfully, you can view this certificate or apply for a new one. | After certificate is downloaded and installed successfully, you can view this certificate or apply for a new one. | ||
| - | You can also click [[https://javacardforum/viewtopic.php?f=43 & t=678|here]] to know more about download certificate. | + | You can also click [[https://javacardos.com/javacardforum/viewtopic.php?f=43 & t=678|here]] to know more about download certificate. |
| ====VPN client configuration==== | ====VPN client configuration==== | ||
| Line 104: | Line 82: | ||
| - | + | * Firstly, make sure that eJava Token with certificate inside has been already inserted into computer. | |
| - | *Firstly, make sure that eJava Token with certificate inside has been already inserted into computer. | + | |
| \\ | \\ | ||
| + | * Open Start menu, select "Control Panel"- > "Network and Internet"- > "Network and Sharing Center"- >"Set up a new connection or network"- >"Connect to a workplace", open "Connect to a Workplace" dialogbox: | ||
| + | |||
| - | *Open Start menu, select "Control Panel"- > "Network and Internet"- > "Network and Sharing Center"- >"Set up a new connection or network"- >"Connect to a workplace", open "Connect to a Workplace" dialogbox: | + | {{ Editor/2016-09-09/57d2713a26a86.png }}\\ |
| - | \\ | + | |
| - | {{ https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d2713a26a86.png}} | ||
| + | * Select "Use my Internet connection(VPN)": | ||
| + | |||
| - | + | {{ Editor/2016-09-09/57d2715c414d7.png }}\\ | |
| - | + | ||
| - | + | ||
| - | *Select "Use my Internet connection(VPN)": | + | |
| - | \\ | + | |
| - | + | ||
| - | {{ https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d2715c414d7.png}} | + | |
| Line 130: | Line 102: | ||
| - | *The computer will recognize eJava Token automatically. You will be prompted to enter eJavaToken PIN code, click "OK", as shown below. | + | * The computer will recognize eJava Token automatically. You will be prompted to enter eJavaToken PIN code, click "OK", as shown below. |
| - | \\ | + | |
| - | + | ||
| - | {{ https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d27173acbbe.png}} | + | |
| + | {{ Editor/2016-09-09/57d27173acbbe.png }}\\ | ||
| Line 142: | Line 113: | ||
| After these operations, the configuration of VPN client software is completed. | After these operations, the configuration of VPN client software is completed. | ||
| To connect VPN, just double-click the new VPN connection name and click "connect" in the pop-up dialogbox.If VPN is connected successfully, connected mark will appear on the right of VPN connection name. | To connect VPN, just double-click the new VPN connection name and click "connect" in the pop-up dialogbox.If VPN is connected successfully, connected mark will appear on the right of VPN connection name. | ||
| - | |||
| - | {{ https://javacardos.com//wiki/Uploads/Editor/2016-09-09/57d2718a739b7.png}} | ||
| - | ====Discussion==== | + | {{ Editor/2016-09-09/57d2718a739b7.png }}\\ |
| - | Go to [[https://javacardforum/viewforum.php?f=43|JavaCardOS Forum]] | ||
