Yubico Forum https://forum.yubico.com/ |
|
[QUESTION] PIN caching for SSL certificates https://forum.yubico.com/viewtopic.php?f=26&t=2609 |
Page 2 of 2 |
Author: | DarkainMX [ Fri Oct 13, 2017 6:48 pm ] |
Post subject: | Re: [QUESTION] PIN caching for SSL certificates |
ITS FIXED!!! It is finally freaggin fixed! Windows Update ran this week. Not sure which update specifically which update was applied. But when I went to open a PuTTY session today, I noticed that the pin key window was behaving normally (it popped up and took focus, rather than opening behind all other windows). So I gave it a try a second time, and PuTTY authenticated without asking for another prompt. That only took... what... 7 months to fix!? Thanks Microsoft UPDATE: It is KB4041676 https://support.microsoft.com/en-us/hel ... -kb4041676 Quote: Addressed issue where Personal Identity Verification (PIV) smart card PINs are not cached on a per-application basis. This caused users to see the PIN prompt multiple times in a short time period; normally, the PIN prompt only displays once.
|
Author: | Chris77 [ Wed Oct 18, 2017 9:08 am ] |
Post subject: | Re: [QUESTION] PIN caching for SSL certificates |
I can confirm that it has been fixed. Endlich! |
Author: | bozho [ Wed Oct 18, 2017 7:47 pm ] |
Post subject: | Re: [QUESTION] PIN caching for SSL certificates |
Well, it may have been fixed, but I can't test it as it actually stopped working for me. I haven't tried remoting in a few weeks now and I was setting up a new machine. Today I went to test it and I can't get Windows to behave with my Yubikey. So, nothing has changed with the Yubikey - it still has the same self-signed cert in the authentication slot. At first, I thought it's the new machine, but I've just checked with the old machine where this used to work and I get the same result. In short, on the machine where it used to work, I performed these steps: 1. Delete the cert from Cert:\CurrentUser\My\ (it was there previously). 2. Plug in Yubikey - the certificate appears in the store. 3. Run the code from my original post - get the message along the lines "The smart card cannot perform this action.. ". I didn't get the entire message, because I can't repeat it (read on 4. Unplug Yubikey and delete the certificate again. 5. Plugin Yubikey - the certificate does not reappear in the certificate store. Rebooting doesn't help, cussing at it doesn't help. I can't get it to work on the new machine, either (both machines run Win10 Pro with latest updates). If I import the certificate from the PFX file and not use Yubikey, everything works as expected. Is there something I need to do with Yubikey? |
Author: | bozho [ Thu Oct 19, 2017 10:18 am ] |
Post subject: | Re: [QUESTION] PIN caching for SSL certificates |
Ah, this seems to be the cause: https://forum.yubico.com/viewtopic.php?f=26&t=2739 |
Page 2 of 2 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |