powerGate with AtosPki smart card

The company Atos provides a smart card solution that uses client certificates for authentication. This Public Key Infrastructure can also be reused for powerGate requests.

Requirements

This module requires at least PowerShell version 3.

The certificate

To use this module you need an Atos certificate. This certificate is identified by two things:

  • Issuer: Containing "Atos"
  • KeyUsages: Containing "Client Authentication"

Installing the Module

Follow these steps to use the PowerShell module for AtosPki:

  1. Download the archive "connections_atospki.zip" from the attachments.
  2. Make sure the archive is unblocked.
  3. Extract the archive to the following location: "%ProgramFiles%\coolorange\Modules\powerGate\connections_atosPki.psm1"

Using the module

To use this module in PowerShell, you first have to import it using Import-Module:

Import-Module "$($env:ProgramFiles)\coolorange\Modules\powerGate\connections_atosPki.psm1"

To authenticate with powerGate using a client certificate from Atos, pass the variable $atosPkiConnect to the -OnConnect parameter:

$connected = Connect-ERP "https://myHost/PGS/Car_Service" -OnConnect $global:atosPkiConnect

Customization

Issuer

The $atosPkiConnect script works only when the issuer of the installed certificate contains the name "Atos". If you want to use a certificate with a different issuer, change the following line in the module:

$requiredIssuer = "Atos"

KeyUsages

The default module filters for installed certificates whose KeyUsages contain "Client Authentication". If you want to use a certificate with different KeyUsages, change the following line:

$requiredUsages = @("Client Authentication")

You can view the KeyUsages in the Windows certificate dialog.

Click on the "Details" tab, select "All" in the combobox, and then search for "Enhanced Key Usage".

Downloads

Remarks

This module works only on English machines. If you are using, for example, a German machine, you need to change $requiredUsages to "Clientauthentifizierung".
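
To check which installed certificates meet the issuer and key-usage criteria independently of the Windows display language, the following added example (not part of the coolOrange module) matches the Enhanced Key Usage by its OID 1.3.6.1.5.5.7.3.2 instead of the localized name, and also reports private-key presence and validity period. The function name Find-ClientAuthCertificate, its parameters, and the store path Cert:\CurrentUser\My are assumptions.

```powershell
# Added example; not part of connections_atosPki.psm1.
# Find-ClientAuthCertificate and its parameters are hypothetical names.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth, identical on every display language

function Find-ClientAuthCertificate {
    param(
        [string]$RequiredIssuer = 'Atos',
        [string]$StorePath = 'Cert:\CurrentUser\My'   # assumption: personal store of the current user
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read the EKU OIDs straight from the extension instead of the localized friendly names.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }
        # Case-insensitive substring match on the issuer (assumption about how strict the match should be).
        $issuerMatch = $cert.Issuer.IndexOf($RequiredIssuer, [StringComparison]::OrdinalIgnoreCase) -ge 0
        $clientAuth  = $ekuOids -contains $ClientAuthOid
        $inValidity  = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            IssuerMatch   = $issuerMatch
            ClientAuth    = $clientAuth
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = $inValidity
            # Usable only if every criterion holds; without a private key the certificate cannot authenticate.
            Usable        = $issuerMatch -and $clientAuth -and $cert.HasPrivateKey -and $inValidity
        }
    }
}

# List every certificate together with the criteria it passes or fails.
Find-ClientAuthCertificate |
    Sort-Object Usable -Descending |
    Format-Table Usable, IssuerMatch, ClientAuth, HasPrivateKey, InValidity, NotAfter, Subject -AutoSize
```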