There are many. You are probably looking for either a USB token that supports PKCS#11, such as the Aladdin eToken, or a smart card (with its associated reader).
StartCom is an official reseller for Aladdin, and the CTO of the company (which also operates a commercial CA) maintains an active presence on this list.

As for how to use it with Firefox, you need to use modtool to add the token's PKCS#11 module to the list of modules that Firefox will use. (You could possibly also use a second instance of the software certificate token, to point to a centralized system database of certificates -- but I have not actually tried this configuration.)

-Kyle H

On Thu, Jan 29, 2009 at 8:27 AM, Denis McCarthy <dmccar...@annadaletech.com> wrote:
> Thanks for the suggestion David. Unfortunately we are not connecting
> to an active directory domain - our application has to go out over the
> internet. I did a bit of fiddling with the certificates snap ins, but
> Microsoft only makes certificates installed in the user account
> available to IE. One other thing I've been mulling over - is it
> possible to get a cheap piece of hardware (i.e. a dongle of some sort)
> that you can put an X509 certificate on? If so, could anyone point me
> in the direction of a company that provides such a product?
> Regards
> Denis
>
> On Thu, Jan 29, 2009 at 2:23 PM, David Stutzman
> <dstutz.m...@nospam.dstutz.com> wrote:
>> Denis McCarthy wrote:
>>>
>>> customers use. On this application, it is important to identify the
>>> physical machine on which a transaction takes place. In most of our
>>
>>> b) The application is currently multi platform, but all our users use
>>> windows (because that is what the application we are replacing runs
>>> on). If we have to, we can stipulate that our users must use windows
>>> if we have to. Is there some way we could interact with the windows
>>> key store to extract a machine based key to authenticate with our
>>> server?
>>
>> Microsoft supports "machine" certificates and in an active directory domain
>> for instance, you can enforce that a computer in the domain must have a
>> machine certificate to connect to the domain at all.
>>
>> If you open the certificates snap-in in the Microsoft management console
>> (start -> run -> "mmc", and you can add in the certs snap-in) it asks you
>> whether to add one for "My user account" "Service Account" or "Computer
>> account". You'd most likely want to drop a cert in "Computer Account" for
>> your purposes.
>>
>> I don't know exactly how all this works, but I know it can be done so it's
>> something you can definitely look into. Probably start with Microsoft PKI
>> documentation.
>>
>> Dave
>> --
>> dev-tech-crypto mailing list
>> dev-tech-crypto@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-tech-crypto
>>
>
> --
> Annadale Technologies Limited