Timothy, This reply didn't really help me at all. If you do not use the smartcard, you are not prompted for the OWA user/pass in firefox, you just get a 401 error 401 Unauthorized - The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209) I am not saying that it's the most efficient way to have 2 layers of authentication, but that's the way it is. In firefox, if you have the "ask every time" certificate option checked and you choose the wrong of the two certificates that are available for the site via the card, you get the same error. That's why I wonder if evolution is perhaps choosing the wrong cert. I think it may well BE evolution, but ultimately it's necessary for coolkey and evolution to work together, so that's why I asked here. On 10/15/07, Timothy J. Miller <tmiller@xxxxxxxxx> wrote: > > On Oct 14, 2007, at 11:07 PM, John H. wrote: > > > The problem is, I am not sure if it's being used or not. In firefox, > > I go to https://webmail.foo.bar.gov and it prompts me for my pin via > > coolkey, then user/password, then I check my OWA account. > > Am I to assume from this that your OWA deployment is not accepting > PKI authentication? If so, then you're not really gaining anything > with the smartcard. > > > I have OWA access set up in Evolution and use it for a regular OWA > > account, however, I wanted to use this .gov account, but when I tell > > evolution to authenticate and give it the correct user/pass, it says > > invalid username/password. Is this evolution that is at fault or > > coolkey? Why would it work in firefox? > > Likely because Evolution doesn't understand SSL client > authentication. At all. Even with IMAPS, so far as I can tell. > > If it's working in FF but not in Evolution that's a pretty solid > indication that the problem is Evolution. > > -- Tim > > > > _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel