コンテンツ

  1. HOME
  2. FAQ
  3. Authentication System
  4. IC-Card Authentication Trouble

IC-Card Authentication Trouble FAQ

作成日:2019/11/12

FirefoxでICカード認証を行う場合は、モジュールの登録が必要です。

登録手順
Windowsの場合
  1. 画面右上の[メニュー] → [オプション]をクリック
  2. オプション画面左側の[プライバシーとセキュリティ]をクリック
  3. 一番下までスクロールして[セキュリティデバイス]ボタンをクリック
  4. [デバイスマネージャー]ウィンドウで[追加]ボタンをクリック
  5. ファイルパスに『C:\Windows\System32\dnPKIp11.dll』を入力
  6. [OK]ボタンをクリック
  7. [セキュリティモジュールとデバイス]に『New PKCS #11 Module』が
    表示されていることを確認
  8. ウィンドウ右下にある[OK]ボタンをクリック
  9. 画面右上にある[メニュー] → [終了]で再起動

Macの場合
  1. Firefoxを起動
  2. 画面右上の[メニュー] → [オプション]をクリック
  3. 設定画面左側の[プライバシーとセキュリティ]をクリック
  4. 一番下までスクロールして[セキュリティデバイス]ボタンをクリック
  5. [デバイスマネージャー]ウィンドウで[追加]ボタンをクリック
  6. ファイルパスに
    /Library/libdnpki/libdnpkip11.bundle/Contents/MacOS/libdnpkip11』を入力
  7. [OK]ボタンをクリック
  8. [セキュリティモジュールとデバイス]に『New PKCS #11 Module』が
    表示されていることを確認
  9. ウィンドウ右下にある[OK]ボタンをクリック
  10. 画面左上[メニュー] →&ensp[Firefox] → [Firefoxを終了]で再起動

更新日:2020/02/07

以下の手順でご確認ください.

【Windows】

  1. パソコンにカードリーダをつなぎ,認証ICカードを挿入
  2. スタートメニュー ⇒ 証明書管理ユーティリティ ⇒ 証明書管理ツールを選択
  3. PINを入力してくださいというポップアップ画面にPINを入力しOKを選択
  4. 証明書管理ツールのボップアップ画面に有効期限が表示されます
  5. 確認できれば閉じるボタンをクリックして終了

【Mac】

Macは対応していません。

You can retrieve your locked PIN in Windows that has 'Certificate Management Utility' installed.

Please see the instructions in the attached file below.

(File: how to unlock PIN)

Possible solutions

- Use Internet Explorer or Firefox. Other browsers are not supported for this.

- Insert your IC card before you startup your computer.

- Check the expiry date of your IC card

- Check that it is not PIN lock (you can check if your PIN is locked here).

- Clear cache on your browser (Please refer to this page).

- *Configure antivirus exclusions on your computer. You will need to exclude the web domain URL from the settings of your antivirus software from the scan.

(*Symantec antivirus users are not required to do this. If your antivirus software is Kaspersky, you may require a different antivirus software program.)

- Re-install the authentication driver (Please refer to this page).

- Check if security module is enabled

Copy and paste about:preferences#privacy or about:preferences#advanced in the address bar of your internet browser > click security device (It is found at the bottom of the page under 'Certificate') > check if the followings are displayed;

[New PKC #11 Module] [PKCS#11 Library for DNP dnPKI]

- If your browser is Explorer;

a) Clear SSL -Internet option > Contents > Clear SSL

b) Enabling TLS & Disable SSL

Internet option > Details > Security > check if TLS 1.* boxes are ticked, and no tick in SSL boxes.

Possible solutions;

- Uninstall the device driver software [DNP PKI DriverPack(dnPKI)] first, then reinstall it.

- Use Internet Explorer (Windows 10's default browser is set as Edge).

- Check SSL and TLS settings (Please see this page).

- Clear cache on your browser (Please see this page).

【Windows】

  1. Connect a card reader to your computer
  2. Insert IC card into the card reader
  3. Go to Start menu on Windows (it is found at the left bottom corner) > All Programs > Certificate Management Utility > Choose Certificate management tool
  4. A pop-up window will appear. Enter your PIN.
  5. Certificate management tool pop-up window will appear
  6. Choose Change your PIN.
  7. Enter new PIN and click OK.
  8. Wait until the message 'PIN is being changed' disappears.
  9. Close the Certificate management tool.

【Mac】

  1. Connect a card reader to your computer
  2. Insert IC card into the card reader
  3. Press Control + Space
  4. Spotlight search window will appear. Enter 'terminal' in the box.
  5. Choose terminal.app
  6. A new pop-up window will appear. Copy and paste the following command and press Return. -> find /Library/libdnpki -name *dnpchpin If file path is not found, try -> find . -name *dnpchpin
  7. If a file path is found, copy and paste it on the pop-up window. Press Return.
  8. Enter your current PIN followed by a new PIN.
  9. Once it is all completed successfully, a message 'PIN is successfully changed' will appear.
  10. Close the window.

※PIN must be between 8 and 16 characters. Please follow the guideline here.

Once an authentication error occurs on a browser, the browser saves that condition. Please do the following.

(1) Close the browser that showed an error.

(Precautions)

If you have several tabs and windows open on your PC, please close them all. In Mac, select 'Close Firefox' from the menu, and close it. Even if you close all the windows with the 'x' button, the browser may not close.

(2) Confirm that the card reader is connected and the IC card inserted. Then activate the browser.

In case it won't help, please try clear he cache.

Following error messages appears on FireFox.

'Safe connection cannot be established' or 'A valid client certification is required'

Possible solutions;

- Check if security module is enabled

Copy and paste about:preferences#privacy or about:preferences#advanced in the address bar of your internet browser > click security device (It is found at the bottom of the page under 'Certificate') > check if the followings are displayed;

[New PKC #11 Module] [PKCS#11 Library for DNP dnPKI]

- Close Firefox on your browser (Windows: File > Exit / Mac: Menu > Firefox > Exit Firefox) and re-start your computer.

The driver soft at our webpage is for Firefox4.0 for MacOSX ~64bit/32bit, on the other hand, the PKCS#11 device in the introductory support kit, old driver soft, is for 32bit, which causes the trouble. Please refer to the "Users' manual and necessary soft(Limited on-campus)" on our homepage and install the new driversoft, which is for 64bit mode as well.

*In using the old driver soft, the following is the concrete measure.
Start "Macintosh HD" only for the use of Firefox4.0~ with the 64bit activating on Mac

→In the "application" click "Firefox" and start "see the information"
→Please check "start with the 32bit mode"
→Please close the "Information of Firefox" with x button.
→Please activate the Firefox.

For a Mac, the Safari browser cannot handle the electronic certificates. So, please use Mozilla Firefox on Mac.

By trying to change your password (PIN) , you can confirm whether your PIN is locked or not.

Changing PIN: http://www.iimc.kyoto-u.ac.jp/en/faq/cert/ic/pin.html

When it is locked, on Windows a message that your PIN is blocked will appear. With Mac and Linux, the message, 'PIN is blocked' will be displayed. First confirm whether the above situation is what is happening with your computer.

Then contact the ICT support center. When you contact us, we will let you know how to remotely recover the IC card lock. In addition, since a Windows environment is required, Mac or Linux users should borrow a computer with a Windows environment from someone nearby.

This type of incident has been confirmed in other cases of people using Mac OSX_10.5.x. First, do the following to confirm that you are faced with this kind of problem.

(1) Press the 'Security device' button that is displayed to the right of the certificate.

(2) With the card reader connected, confirm that the condition is in accordance with '1. The IC card reader is connected, and an IC card is not inserted into it,' as can be seen in this diagram.

(3) With the IC card inserted, click 'PKCS#11 Library for DNP...' and confirm that the condition is in accordance with either of these diagrams, 2-1 or 2-2.

The key point to look for is whether the right box says '2-1 Does not exist' or '2-2 Not yet logged in.'

(4) If the condition is '2-1 Does not exist,' then a problem with 10.5 x and the driver can be suspected.

To respond to this situation, you should upgrade to 10.5.8 from 10.5.x, for example. After carrying out this minor upgrade, confirm your certificate with the same method you used before.

Please carry out the VPN connection setting to your PC at home refering to the URL below. You can log in to the groupware from your PC after the operation.

After the environment setting to use IC card on your PC at home, you can operate the office system for accounting as well, however, please don't carry out the setting above to the PC which lots of people use.

URL of VPN setting:http://www.iimc.kyoto-u.ac.jp/en/services/kuins/vpn/

The written explanation in the introductory kit was insufficient. It has been revised in the new guide. When Firefox does not work well, respond as follows. After installing the PKCS#11 module, close Firefox, confirm that your IC card reader and IC card are connected, and then start Firefox again. After that, carry out installation of electronic certificate according to the instruction manual.

The drivers and the installation methods differ according to a personal computer's OS. Regardless of the OS, the following installs are required for your PC.

(1) Installation of card reader/writer driver software

(※ Please do this before connecting the devices.)

(2) Setting both 'Root Certificate (KyotoURootCA)' and 'Intermediate Certificate(KyotoUIntermediateFacultyCA),' on the browser you use.

(3) Installation of software that reads certificates and PIN password changes in your electronic certificate.

(※This software is called PKI and it is almost the same as J-PKI of Japanese Government.)

You should create a PIN in which the number of places is between eight or more and sixteen or fewer.

Your PIN may be too short or too long. Please change it so that it has between six or more and sixteen or less places, consisting of numbers, Romanized letters, etc. If an error message continues to be displayed, contact the ICT Support Center from the inquiry form.

An initial PIN is only something provisional until the user changes it and establishes his or her own PIN. Since the PIN is generated randomly, it is difficult to remember. To protect yourselves against security risks, we hope that all of you users will change your initial PIN.

You can use Romanized letters, numbers, and symbols. For Romanized letters, you can use capital or small letters. Mix them with numbers, and create a string of characters whose coded meaning cannot easily be discerned. By mixing in symbols, you can create an effective password of a string of characters that will be difficult to crack. Please refrain from using a PIN composed of characters from which your name and ID can be easily inferred, such as dictionary vocabulary entries, the names of famous persons, or proper names.

The contact chip is square and gold-colored. Put this side up and insert it completely into the back of the card reader/writer. When the blinking green LED light above the slot where you inserted the card stops blinking and stays on, then you can proceed.

Please buy the card reader/writer from the Co-op. For drivers, software, and manuals, please download the latest versions from the URL below.

http://www.iimc.kyoto-u.ac.jp/en/services/cert/support/post.html

 

Copyright © Institute for Information Management and Communication, Kyoto University, all rights reserved.