Certificate usage with CAC authentication
For CAC authentication to function, the BMC Atrium Single Sign-On server must be prepared with the signer certificates of the identity certificates that will be presented to the server for authentication.
The certificate for the Issuer must be imported into the BMC Atrium Single Sign-On server's truststore before the clients will send their certificates. The server provides a list of the certificates that it trusts. When a request for a client certificate is received and multiple trusted certificates are available, you will be able to select the certificate.
For example, when Firefox receives a request for a client certificate and multiple trusted certificates are provided by the list sent from the server, a User Identification Request popup is displayed, which allows the user to select a certificate.
Certificate signed by the Issuer
For example, the following certificate is signed by the Issuer (C=TX, O="BMC Software, Inc.", CN=AtriumSSO):
Owner: C=TX, O="BMC Software, Inc.", OU=AtriumSSO, CN=GoodSSO
Issuer: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Serial number: 56acad6af0be9e08
Valid from: Sun Feb 20 17:04:30 CST 2011 until: Tue Feb 19 17:04:30 CST 2013
Certificate fingerprints:
MD5: 4A:D6:7C:82:E4:2F:18:0B:8C:48:72:50:E2:56:02:5F
SHA1: 96:9E:6F:DD:A1:41:9C:F5:BD:4A:CC:9E:8B:79:41:6E:4C:A2:C9:69
Signature algorithm name: SHA1withRSA
Version: 3
Certificate for the Issuer
For example, the following certificate is the certificate for the Issuer. Its Owner matches the Issuer field of the certificate shown above:
Owner: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Issuer: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Serial number: 49b6786d72bb8c34
Valid from: Thu Oct 15 16:01:31 CDT 2009 until: Thu Apr 21 16:01:31 CDT 2016
Certificate fingerprints:
MD5: 81:85:78:CD:80:6A:C1:55:09:7A:FB:79:35:9F:06:5C
SHA1: 0D:2B:E2:90:ED:9E:24:39:19:B0:93:2F:15:87:3C:8D:F6:D0:03:3D
Signature algorithm name: SHA1withRSA
Version: 3
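Added example (not BMC code): a Python check, run over the two listings shown on this page, that the identity certificate's Issuer appears as an Owner in the truststore listing and that the certificates involved are within their validity period. The function names are hypothetical, the comparison is by name only, and time zone abbreviations are ignored.

```python
from datetime import datetime

# Certificate listings copied from this page (fingerprint lines omitted).
IDENTITY_CERT = """\
Owner: C=TX, O="BMC Software, Inc.", OU=AtriumSSO, CN=GoodSSO
Issuer: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Serial number: 56acad6af0be9e08
Valid from: Sun Feb 20 17:04:30 CST 2011 until: Tue Feb 19 17:04:30 CST 2013
"""
TRUSTSTORE_LISTING = """\
Owner: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Issuer: C=TX, O="BMC Software, Inc.", CN=AtriumSSO
Serial number: 49b6786d72bb8c34
Valid from: Thu Oct 15 16:01:31 CDT 2009 until: Thu Apr 21 16:01:31 CDT 2016
"""
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def _date(text):
    # "Sun Feb 20 17:04:30 CST 2011" -> naive datetime (zone abbreviation ignored).
    _, mon, day, clock, _, year = text.split()
    hour, minute, second = map(int, clock.split(":"))
    return datetime(int(year), MONTHS.index(mon) + 1, int(day), hour, minute, second)

def parse_listing(text):
    """Split a listing into one dict per certificate (hypothetical helper)."""
    certs = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Owner":
            certs.append({"owner": value})
        elif certs and key in ("Issuer", "Serial number"):
            certs[-1][key.split()[0].lower()] = value
        elif certs and key == "Valid from":
            start, end = value.split(" until: ")
            certs[-1]["not_before"], certs[-1]["not_after"] = _date(start), _date(end)
    return certs

def check_client_cert(identity_text, truststore_text, at):
    """Return the problems found with the identity certificate at time `at`."""
    cert = parse_listing(identity_text)[0]
    # Name match only: a full validation also verifies the issuer's signature.
    signers = [t for t in parse_listing(truststore_text) if t["owner"] == cert["issuer"]]
    problems = [] if signers else ["issuer not in truststore: " + cert["issuer"]]
    for c in [cert] + signers:
        if not c["not_before"] <= at <= c["not_after"]:
            problems.append("outside validity period: " + c["owner"])
    return problems

if __name__ == "__main__":
    print(check_client_cert(IDENTITY_CERT, TRUSTSTORE_LISTING, datetime(2012, 6, 1)))
```

An empty result means the Issuer was found in the listing and no validity problem was detected for the supplied time.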