Home   Support   
AboutProductsLeadershipContact

NetSign CAC® FAQ

Contents

  1. General Questions
  2. Requirements for NetSign® CAC
  3. NetSign CAC Interoperability
  4. Installation issues, tips and latest Technical Notes

General Questions

  1. What is NetSign CAC?
  2. What are the key benefits of NetSign CAC?
  3. Do I need specialized training to use NetSign CAC?
  4. How easy is the installation process for NetSign CAC?
  5. As a system administrator, configuration control is important. How can NetSign CAC help me control the user configurations?
  6. What's new in NetSign CAC 5.5?
  7. How do I purchase NetSign CAC?

Requirements for NetSign CAC

  1. What are the minimum software requirements for using NetSign CAC?
  2. What are the minimum hardware requirements for NetSign CAC?

Interoperability

  1. How do you ensure NetSign CAC will work with other DoD security applications?
  2. With what other third party applications is NetSign CAC compatible?
  3. Which DoD CAC cards can be used with NetSign CAC?
  4. What smart card readers can be used with NetSign CAC?
  5. What push / remote installations are supported by NetSign CAC?
  6. Has NetSign CAC been operationally tested by JITC and DISA?

Installation issues, tips and latest Technical Notes

  1. Where can I find the latest information on issues, installation notes, and tips regarding NetSign CAC?
  2. Are there tools available to help system administrators install NetSign CAC?
  3. Can I use NetSign CAC to access a Secure Web Site?
  4. NetSign CAC won't let me automatically sign and encrypt email. What am I doing wrong?
  5. My Digital ID Name cannot be found by the underlying security system. What can I do?
  6. I am having trouble using "Autoregister Certificates with Outlook". What can I do?

General Questions

  1. What is NetSign CAC?
    NetSign CAC is a smart card client package that provides network security and desktop protection for users of the Common Access Card. NetSign CAC middleware enables users to digitally sign and encrypt email, securely logon to PCs, applications, and websites, and safely perform other necessary cryptographic functions. The administration features of NetSign CAC allow network and systems administrators to download user initial configurations from the network administrator's console, install middleware updates, and dynamically configure user email and encryption functions.

    Return to Top

  2. What are the key benefits of NetSign CAC?
    There are many benefits of using NetSign CAC. The key benefits include:

    • Helps accomplish day-to-day tasks required of CAC holders
    • Reduces end user involvement in installation and maintenance
    • Eases burden for certificate management and application configuration
    • Meets accepted industry standards for interoperability

    Return to Top

  3. Do I need specialized training to use NetSign CAC?
    No, there is no specialized training required in order to use NetSign CAC. NetSign CAC is easy to use and seamless to integrate. This allows users to accomplish all the tasks they need to perform with their Common Access Card. Task such as signing and encrypting emails can be configured to occur automatically. NetSign CAC is flexible and can automatically register the appropriate CAC user certificates in different applications and automatically populate Outlook's Contact manager with user certificates.

    Return to Top

  4. How easy is the installation process for NetSign CAC?
    It is very easy to install NetSign CAC -- just insert the CD and follow the on screen instructions. NetSign CAC allows for local and remote (push) installation by the system administrator using Active Directory or Systems Management Service, minimizing end user involvement.

    Return to Top

  5. As a system administrator, configuration control is important. How can NetSign CAC help me control the user configurations?
    NetSign CAC helps system administrators control user configurations with its ability to force a number of product and Outlook security settings on the CAC user's machines. Administrators can configure these policy settings and ensure a common installation across the organization. Some of the customizable policy settings include:

    • Auto-register certificates with Outlook - reduces administrator involvement in changes,
    • Auto Contact - automatically populates Outlook Contacts with sender's public key,
    • Auto Update - enables administrators to control product updates on user machines, and
    • PIN Policy - allows administrators to customize PIN policies for the organization.

    Return to Top

  6. What's new in NetSign CAC 5.5?
    NetSign CAC 5.5 offers several new key features. These include:

    • GSC-IS 2.1 support
    • V2 applet support
    • 64K card support
    • Outlook 2003 support
    • Windows XP SP2 support
    • Windows 2003 Server support
    • Microsoft Exchange Server 2003 support
    • SMS 2.0 and SMS 2003 support
    • Novell CBNL and NMAS support
    • Cisco VPN support
    • Outlook Web Access sign/encrypt/decrypt
    • Suppress Name Checking is now supported as an optional feature

    Return to Top

  7. How do I purchase NetSign CAC version 5.5 or 5.5 SP1?
    NetSign CAC version 5.5 can be purchased through a number of DoD contracts and directly from Litronic. For more information on these options, please contact our Government Sales group by phone 800-340-6034 Option 2 or by e-mail us at sales@saflink.com

    Return to Top

Requirements

  1. What are the minimum software requirements for using NetSign CAC 5.5?
    The minimum software requirements for NetSign CAC 5.5 are:

    Operating Systems:

    • Windows 2000 Service Pack 4
    • Windows XP Service Pack 1a or later
    • Windows Server 2003 Enterprise Edition

    Note: Windows Server 2003, Windows 2000 Server or Windows 2000 Advanced Server is required for configuring Windows Smart Card Logon.

    Email clients and browsers:

    • Microsoft Internet Explorer 5.5 or higher
    • Netscape Communicator 4.76, 7.0 and 7.2 (128 bit)

    Return to Top

  2. What are the minimum hardware requirements for NetSign CAC?
    The computer on which NetSign CAC will be installed must meet the following minimum requirements:

    • Intel/AMD CPU with processing power equivalent to a Pentium 133 MHz or higher
    • 32 MB RAM (256 MB RAM recommended)
    • 20 MB disk space
    • CD-ROM drive (only necessary for a local installation using the NetSign product CD)
    • PC/SC compliant smart card reader/writer
    • One (1) unused USB or serial port to attach the smart card reader (Note: NetSign is designed to work with PC/SC compliant smart card readers that adhere to the DoD smart card reader specification)

    Return to Top

Interoperability

  1. How do you ensure NetSign CAC will work with other DoD security applications?
    NetSign CAC is designed to support and work with a variety of DoD applications. NetSign CAC conforms to a number of accepted standards for interoperability to ensure compatibility. These standards include:

    • Government Standard Smart Card Library Support (ver 2.1),
    • GSA Basic Services Interface (BSI) version 2.0 compatibility,
    • Compliant with GSA Common Access Card Specification,
    • Industry Standard Cryptographic Library Support - Microsoft CAPI and PKCS #11, and PC/SC.

    Return to Top

  2. With what other third party applications is NetSign CAC compatible?
    NetSign CAC is compatible with the following applications:

    • Citrix® MetaFrame® Presentation Server XP FR3,
    • Silanis ApproveIt®,
    • ISC Secret Agent®,
    • Tumbleweed/Valicert Validation Authority® - OCSP,
    • Gradkell Systems Dbsign® - Defense Travel System, and
    • Adobe® Acrobat® 6.0.

    Return to Top

  3. Which DoD CAC cards can be used with NetSign CAC?
    NetSign CAC supports all the deployed DoD Common Access Cards:

    • Axalto&trade Cyberflex ® Access 32K CAC (M256EPALP1_SI_9C_02 Softmask 7 Version 2)
    • Oberthur GalactIC 2.1-5032 Mask 2.1R™, and
    • Oberthur CosmopolIC&trade V4;
    • ActivCard V2;
    • Gemplus&trade Gemxpresso 64K

    Return to Top

  4. What smart card readers can be used with NetSign CAC?
    NetSign is designed to work with PC/SC compliant smart card readers that adhere to the DoD smart card reader specification. NetSign supports the following listed smart card reader models from their respective vendors:

    • Litonic: 215, 3015, 3015i, and 260;
    • SCM: SCR201 PCMCIA, SCR331 USB, SCR331-DI USB/DesFire, and SCR301 USB
    • Cherry: ST-1000UA
    • UPEK: TouchChip TCRS1C combination smart card and fingerprint reader

    Return to Top

  5. What push / remote installations are supported by NetSign CAC?
    NetSign CAC supports the following push / remote installations:

    • Local/Network install - The local install is used when installing on one or a small number of machines from a CD or network share.
    • Silent MSI method - Using the Silent MSI option allows and Administrator to install NetSign on a single computer without user interaction or dialog boxes using standard MSIEXEC.exe command switches.
    • Active Directory push install - Push installs are used when installing to a larger number of machines. Active Directory can only push install to machines running Windows 2000; and Windows XP.
    • Systems Management Server (SMS) push install - SMS can push install to machines running any Windows operating system.

    Return to Top

  6. Has NetSign CAC been operationally tested by JITC and DISA?
    Yes, NetSign CAC has successfully completed a complete operational assessment and test. Details of the NetSign CAC test - "Department Of Defense Common Access Card Litronic Middleware Test Report Card" - can be found at the following link: JITC NetSign CAC Report Card.

    Return to Top

Installation

  1. Where can I find the latest information on issues, installation notes, and tips regarding NetSign CAC?
    The latest information about NetSign CAC at the time the product is released is in the file "ReleaseNotes.txt" included with the installation CD. These notes highlight any issues encountered at release time. Due to time constraints these issues may not be documented in the NetSign CAC Installation and User Guide or the NetSign CAC System's Administrator Guide. We recommend selecting YES during the installation process to view the Release Notes file. Additional information and technical notes are posted on our web site at the following link: Support. Updated issues and work arounds "post release" are posted on our support NetSign - Knowledge Base.

    Return to Top

  2. Can I use NetSign CAC to access a Secure Web Site?
    Yes, because certain web pages and web sites use Secure Sockets Layer (SSL) for security, NetSign CAC can be used to access them. To access a secure web site you need to provide client authentication. To do this:

    1. Insert your smart card into the smart card reader.
    2. When prompted, enter your smart card PIN to authenticate yourself.

    Caution: When you view a secure site, it may be saved in your browser's cache. This means that it can be accessed on your machine without a smart card for a certain amount of time even after you have left the site. To maintain security, you should close your browser when you are finished viewing a secure site. This will prevent any unauthorized access. If you wish to view a different web site, close your browser, and then reopen it to view the new site.

    Return to Top

  3. NetSign CAC won't let me automatically sign and encrypt email. What am I doing wrong?
    If NetSign CAC isn't letting you automatically sign and encrypt email, there may be a problem with your installation. In order for NetSign CAC to automatically sign or encrypt email with Outlook, NetSign CAC must be installed with the 128-bit encryption pack. If NetSign CAC is installed without the 128-bit encryption pack, the NetSign CAC policies will not be installed in Outlook. No signing or identity certificates will be present for automatically signing and encrypting email. Encrypting and signing email will still be possible, but will need to be selected manually.

    Return to Top

  4. My Digital ID Name cannot be found by the underlying security system. What can I do?
    If you are seeing an error that the underlying security system can't find your digital ID name, chances are your email profile has not been established, your certificates have not been registered with NetSign and Outlook or you may have a problem if you had other CAC Middleware previously installed on your system. This message occurs because your email application can't find the associated private key for that particular message. This problem can be corrected in a few ways:

    • Be sure you have selected your default email application. If you have properly selected your default mail application, when you attempt to open an encrypted email you will be prompted for your user PIN.
    • If you have more than one profile set up, make sure you are using the appropriate profile for that incoming message.
    • If you have previously installed other CAC Middleware, you will need to contact your CAC helpdesk to make sure that the middleware CSP pointer is not still pointing to an uninstalled CAC Middlware application. If it is, it is necessary to remove it for NetSign CAC to function properly.

    Return to Top

  5. I am having trouble using "Autoregister Certificates with Outlook". What can I do?
    If Autoregister Certificates with Outlook isn't working properly, you need to make sure that:

    • "Autoregister certificates for IE" is selected, or
    • The user manually registers the certs with the card inserted via "CardStart" (right click on the smart card reader in the task bar and click "Register IE Card".

    If you have additional questions or need to contact Litronic (a Saflink Company)Technical Support click here: http://support.saflink.com/

    Return to Top

About   |  Customer Support  |  Products   |  News  |  Leadership  |  Contact  |  Investor Relations
Copyright 2006 Saflink Corp. | Legal Notices | Site Map