Configuring MS Internet Explorer to use KCA credentials

Instructions for MS Windows

Here are the steps for setting up Internet Explorer to use KCA at Fermilab:

1. Install the X.509 certificate tools.  In order to obtain an X.509 certificate, both Kerberos client tools and X.509 tools are needed.  These tools have been packaged in a ZIP file here http://security.fnal.gov/tools/getcert.zip.  Once this file is downloaded, unzip it’s contents into a directory of choice.  There is a file readme1st.txt that describes the ZIP contents.
2. Obtain an X.509 certificate from the KCA.  In the directory where the Kerberos client and X.509 tools are located, run the command script Get-Cert.CMD.  If you are logged into Windows with the same name as in your Kerberos principal – name@FNAL.GOV, the Get-Cert.CMD will obtain a Kerberos credential if needed and then obtain an X.509 certificate.  The script will place a copy of the certificate in the file %TEMP%\%user%.pem.  The script will print this file name when it completes.  If you are logged into Windows with a name different from your Kerberos principal name, run the command script with your Kerberos principal name as the argument – Get-Cert.CMD <name>.
3. The result of this script is to write your KCA credentials to the cache used by Internet Explorer. Your credentials are already imported into IE and you should be good to go.
   

nightwathc@fnal.gov

Last Modified: 7/22/2003 11:47 AM