Managing smart card authentication settings
You can manage smart card settings with either the Amazon Web Services Management Console or the Amazon CLI.
View certificate details
Use either of the following methods to see when a certificate is set to expire.
Method 1: To view certificate details in Amazon Directory Service (Amazon Web Services Management Console)
- In the Amazon Directory Service console navigation pane, select Directories.
- Choose the directory ID link for your AD Connector directory.
- On the Directory details page, choose the Networking & security tab.
- In the Smart card authentication section, under CA certificates, choose the certificate ID to display details about that certificate.
Method 2: To view certificate details in Amazon Directory Service (Amazon CLI)
- Run the following command. For the certificate ID, use the identifier returned by register-certificate or list-certificates.
  aws ds describe-certificate --directory-id your_directory_id --certificate-id your_cert_id
Deregister a certificate
Use either of the following methods to deregister a certificate.
Note
If only one certificate is registered, you must first disable smart card authentication before you can deregister the certificate.
Method 1: To deregister a certificate in Amazon Directory Service (Amazon Web Services Management Console)
- In the Amazon Directory Service console navigation pane, select Directories.
- Choose the directory ID link for your AD Connector directory.
- On the Directory details page, choose the Networking & security tab.
- In the Smart card authentication section, under CA certificates, select the certificate you want to deregister, choose Actions, and then choose Deregister certificate.
Important
Ensure that the certificate you are about to deregister is not active and is not currently being used as part of a CA certificate chain for smart card authentication.
- In the Deregister a CA certificate dialog box, choose Deregister.
Method 2: To deregister a certificate in Amazon Directory Service (Amazon CLI)
- Run the following command. For the certificate ID, use the identifier returned by register-certificate or list-certificates.
  aws ds deregister-certificate --directory-id your_directory_id --certificate-id your_cert_id
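The expiry check and the "only one certificate" note above can be combined into a pre-deregistration check. The following is an added example, not code from Amazon's documentation; it assumes JSON output from list-certificates with the CertificatesInfo fields shown, and that only certificates of type ClientCertAuth count toward the rule in the note.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws ds list-certificates --output json`;
# the IDs, names and dates are made up for this example.
SAMPLE = """{"CertificatesInfo": [
  {"CertificateId": "c-example00001", "CommonName": "Example Root CA",
   "State": "Registered", "Type": "ClientCertAuth",
   "ExpiryDateTime": "2030-01-15T00:00:00+00:00"},
  {"CertificateId": "c-example00002", "CommonName": "Example Issuing CA",
   "State": "Registered", "Type": "ClientCertAuth",
   "ExpiryDateTime": 1767225600.0},
  {"CertificateId": "c-example00003", "CommonName": "Example LDAPS CA",
   "State": "Registered", "Type": "ClientLDAPS",
   "ExpiryDateTime": "2026-02-01T00:00:00+00:00"}
]}"""

def parse_expiry(value):
    """Accept an ISO 8601 string or epoch seconds; return an aware UTC datetime."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def smart_card_certs(listing):
    """Registered smart card CA certs (assumption: Type == ClientCertAuth)."""
    return [c for c in listing["CertificatesInfo"]
            if c.get("Type") == "ClientCertAuth" and c.get("State") == "Registered"]

def expiring(listing, now, within_days=60):
    """(certificate ID, days left) for smart card certs expiring in the window."""
    days = [(c["CertificateId"], (parse_expiry(c["ExpiryDateTime"]) - now).days)
            for c in smart_card_certs(listing)]
    return sorted((d for d in days if d[1] <= within_days), key=lambda d: d[1])

def deregister_plan(listing, cert_id):
    """Ordered aws ds subcommands needed to remove cert_id, per the note above."""
    ids = [c["CertificateId"] for c in smart_card_certs(listing)]
    if cert_id not in ids:
        raise ValueError(f"{cert_id} is not a registered smart card CA certificate")
    steps = ["deregister-certificate"]
    if len(ids) == 1:  # last certificate: smart card auth must be disabled first
        steps.insert(0, "disable-client-authentication")
    return steps

if __name__ == "__main__":
    listing = json.loads(SAMPLE)
    print(expiring(listing, datetime.now(timezone.utc)))
    print(deregister_plan(listing, "c-example00001"))
```

Before you deregister an expiring certificate that is part of an active chain, register its replacement so that smart card sign-in keeps working.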
Disable smart card authentication
Use either of the following methods to disable smart card authentication.
Method 1: To disable smart card authentication in Amazon Directory Service (Amazon Web Services Management Console)
- In the Amazon Directory Service console navigation pane, select Directories.
- Choose the directory ID link for your AD Connector directory.
- On the Directory details page, choose the Networking & security tab.
- In the Smart card authentication section, choose Disable.
- In the Disable smart card authentication dialog box, choose Disable.
Method 2: To disable smart card authentication in Amazon Directory Service (Amazon CLI)
- Run the following command.
  aws ds disable-client-authentication --directory-id your_directory_id --type SmartCard