ActivClient PKI Services

ActivClient provides digital certificate services using RSA key pairs stored on a smart card.

The following table lists the PKI services.

Feature Description

Windows logon

  • Provides a digital certificate-based mechanism to log on to the domain on:

    • Microsoft Windows 8.1 latest update, 10 including the latest version 21H2, and 11.

    • Microsoft Windows Server 2012 R2, 2016, 2019, and 2022.

  • Provides the ability to log off users or lock the workstation on smart card removal.

  • Supports smart card logon with Fast User Switching.
Remote access (PKI)

  • Microsoft Windows VPN on Microsoft Windows 8.1 latest update, 10 including the latest version 21H2, and 11.

  • Check Point Endpoint Security VPN for Windows E80.85

  • Cisco AnyConnect VPN Client v4.x

  • Arkoon® SecurityBox (Stormshield® Data Security)

  • Other VPN clients supporting smart cards via Microsoft CAPI/CNG or PKCS#11 either in native 64-bit or 32-bit mode

Secure web access

Access to any web server with SSL v3 or TLS and a smart card-based digital certificate with the following browsers:

  • Microsoft Internet Explorer 11

  • Microsoft Edge Chromium

  • Mozilla Firefox (latest version)

  • Google Chrome (latest version)
Secure email

  • Email signature, encryption/decryption:

    • Microsoft Outlook 2016

    • Microsoft Outlook 2019

    • Web version of Microsoft Outlook (Office 365 Business Essentials)

      With Microsoft Exchange 2013 SP1, 2016 and 2019

    • Mozilla Thunderbird (latest version)

  • Microsoft Outlook usability enhancements – Automatic configuration of the Microsoft Outlook security profile, including:

    • Automatic selection of the latest signature and encryption certificates on the user smart card.

    • Selection of the hash algorithm (for example, SHA-1, SHA-256, SHA-512).

    • Selection of the encryption algorithm (for example, 3DES, AES, RC2).

  • Additional usability services:

    • Automatic publication of users’ smart card-based certificates to the Global Address List (GAL).

    • Automatic addition of email senders' certificates to users’ Microsoft Outlook Contacts.

    • Automatic decryption of encrypted emails (saving in decrypted form).
Encrypting file system

  • ActivClient supports the Encrypting File System (EFS) feature of Microsoft Windows 8.1 latest update, 10 including the latest version 21H2 and 11.

    With a smart card-based certificate, users can encrypt/decrypt files.

  • BitLocker (disk encryption) bundled with Microsoft Windows 8.1 latest update, 10 including the latest version 21H2, and 11.
Entrust client software

ActivClient supports the following Entrust products:

  • Entrust Entelligence™ Security Provider for Windows 9.3 and 10

  • Entrust Authority™ Administration Services 9.1 and 9.2

  • Entrust Authority Security Manager 8.2 and 8.3

  • Entrust Authority Security Manager Administration 8.2 and 8.3

Examples of other PKI enabled clients

ActivClient also supports other applications that provide PKI services with smart cards using the Microsoft CAPI/CNG interface (via the ActivClient Mini Driver) or PKCS #11 interface (via the ActivClient PKCS#11 library).

For example:

  • Microsoft Office (2016 and 2019) and Microsoft XPS Viewer (bundled with Microsoft Windows 8.1 latest update, 10, and 11) that provide file signing capability.

  • Adobe Acrobat DC