Unifyia User Client - Linux (RHEL)
The Unifyia User Client v2.2.2 is a Linux (RHEL) service application that enables interaction with
different types of card readers to perform operations on connected identity devices. Acting as an
intermediary service, it links the Unifyia platform with the corresponding card readers, allowing for
the execution of card-related actions. The Unifyia User Client specifically supports interaction with
PCSC Card Readers, including both contact and contactless types.
Software Distribution: You will find the application in the Device Client > Linux folder in the
software distribution packages shared with you. The installation files are packaged as
unifyiauserclient-2.2.2-0.x86_64.rpm.
Supported Browsers:
- Google Chrome
- Microsoft Edge
Supported Linux Flavors: RHEL
Supported Functions: To install, read, and write PCSC contact and contactless cards listed below:
- IDEMIA - ID-One PIV v2.4.2 on Cosmo V8.2
- IDEMIA - ID-One PIV 2.4.1 on Cosmo V8.1
- IDEMIA - ID-One PIV 2.3.4 on Cosmo V7
- Giesecke & Devrient - G&D SCE 7.0 with PIV Applet V1.0
- ZTPass - ZTPass on NXP P71D600
- Thales - Thales IDPrime PIV v3.0
- Yubico - YubiKey 5 Series
- Arculus AuthentiKey
- Swissbit - Swissbit iShield Key
Supported Devices: The Unifyia Client is compatible with all PCSC Card Readers - Contact and
Contactless.
Prerequisites
For the device client to work in the Linux environment, you need to install PC/SC Lite and NSS-Tools.
PC/SC-Lite
For the device client to work in the Linux environment, you need to install PCSC-Lite, which is an
open-source implementation of the PC/SC standard. It is part of the global MUSCLE project (Movement for
the Use of Smart Cards in a Linux Environment). PC/SC serves as the de facto standard for connecting
personal computers with smart cards and smart card readers. Follow the steps below to install
PCSC-Lite.
- Open a terminal and type the below command.
# To install PC/SC-Lite
sudo dnf install pcsc-lite
- Follow the default installation process to install.
- To uninstall the PC/SC-Lite service, execute the below command:
# To uninstall PC/SC-Lite
sudo dnf remove pcsc-lite
NSS-Tools
Network Security Services (NSS) is a collection of libraries created to facilitate the cross-platform
development of security-enabled client and server applications. Applications developed using NSS can
support various security standards, including SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME, X.509 v3 certificates, and more.
The NSS dependency (libnss3-tools) package is required to import the self-signed localhost SSL
certificate into the browser keystore. Follow the steps below:
- Open a terminal and type the below command.
# To install NSS-Tools
sudo dnf install nss-tools
- Provide the system password when prompted.
- To uninstall, execute the below command:
# To uninstall NSS-Tools and libraries
sudo dnf remove nss-tools
Install Client
NOTE
If you have already installed the client service, make sure to uninstall the old versions before
installing the latest version.
This section will walk you through the process of installing the Client service meant for users on Linux.
On your local machine, download and extract the Client application that was shared with you. Follow the
installation instructions for your operating system.
- Download the unifyiauserclient-2.2.2-0.x86_64.rpm installer from the Device Client > Linux folder
in the software distribution packages shared with you.
- You cannot choose your installation directory. The default installation home path is
/opt/Unifyia, where you can find the bin and lib folders.
- Go to the downloads folder, open a terminal window, and run the following command to install the
user client.
# To install User Client for RHEL machine
sudo rpm -ivh --force unifyiauserclient-2.2.2-0.x86_64.rpm
- After you run the command, you will be prompted for the system password to install the software.
Provide your password and press Enter.
- You have successfully installed the Client service.
PC/SC Driver for Arculus AuthentiKey
Red Hat Enterprise Linux (RHEL) pcsc-lite-ccid 1.5.2-1.el9 version does not detect Arculus AuthentiKey
devices. RHEL does not have an rpm package for the same. Hence, Unifyia has built a custom PC/SC driver
using the source code of the driver pcsc-lite-ccid-1.6.2-1.el9.x86_64 provided by RHEL.
This section provides instructions on how to install and uninstall the custom PC/SC driver (libccid 1.6.2
driver) for USB CCID (Chip/Smart Card Interface Devices) to detect Arculus AuthentiKey along with other
smart card readers. This driver package is required to facilitate communication with CCID smart card
readers and the PC/SC Daemon.
Download the below listed RPM packages from the Device Client > RHEL folder in the software distribution
packages shared with you to your local machine.
- pcsc-lite-ccid-1.6.2-1.el9.x86_64.rpm
- pcsc-ifd-handler-dummy-1.0-1.el9.x86_64.rpm
Go to the downloads folder, open a terminal window, and run the following commands. The new driver is
installed and the PC/SC Daemon is restarted. If a PC/SC driver already exists, it will be replaced
with the new version.
# To install custom RPM
sudo dnf install ./pcsc-lite-ccid-1.6.2-1.el9.x86_64.rpm
# To restart the PC/SC Daemon
sudo systemctl restart pcscd
Uninstall the PC/SC (libccid) Driver
- Before uninstalling the custom rpm, you must install the dummy handler package first to avoid
uninstalling core dependencies. Open a terminal and run the below commands.
# To install dummy handler
sudo dnf install ./pcsc-ifd-handler-dummy-1.0-1.el9.x86_64.rpm
# To remove libccid
sudo dnf remove pcsc-lite-ccid
# To restart the PC/SC Daemon
sudo systemctl restart pcscd
- After uninstalling the customized RPM package, the default libccid and its dependencies will be
removed and the smart card readers cannot communicate with other types of smart cards. To ensure
continued smart card reader support for other cards, you need to switch back to the older official
libccid package (1.5.2-1.el9 version). Run the below commands to reinstall the official libccid
package and restart the PC/SC daemon.
# To install official libccid package
sudo dnf install pcsc-lite-ccid
# To restart the PC/SC Daemon
sudo systemctl restart pcscd
Stop and Restart Service
If the Unifyia platform is unable to detect the client service, then try to stop and restart the service.
To stop and restart the service manually, open a terminal and run the following commands:
# To stop the service
sudo service DeviceClient stop
# To restart the service
sudo service DeviceClient start
Uninstall Client
Open a terminal and run the following command to uninstall the Client application on a Linux machine.
# To uninstall the client service
sudo rpm -e unifyiauserclient
Troubleshooting
This section will help you troubleshoot common service issues.
If the Client service is not responding and appears to be offline, first clear the cache and verify if
the client appears online. Alternatively, you can check the browser settings.
- On the browser, go to Settings > Privacy and Security.
- Under the Certificates section, check if the Client ROOT CA certificate is listed under the
Authorities tab.
- If yes, then click on the Client ROOT CA certificate and select Edit Trust settings. Ensure that
the This certificate can identify the websites checkbox is enabled. If it isn't, select it. Reload
the browser and verify. The client appears online.
- If the Client Root CA is not imported, follow the below steps to import it:
  - Open a terminal window.
  - Navigate to the directory /opt/Unifyia/script and run the following command:
  # To install the root CA certificate
  sh ./linux-browser-import.sh
  - Check if the Client ROOT CA certificate is listed under the Authorities tab. If yes, click on
  the Client ROOT CA certificate and select Edit Trust. Ensure that the This certificate can
  identify the websites checkbox is enabled. If it isn't, select it. Reload the browser and verify.
  The client appears online.
- If the smart card is not detected by the browser, try to stop and restart the service.
This issue occurs if the certificate issued for the client application is not read from the trust
store by the browser, because of which the Client appears to be offline. Follow the below steps:
- Open your browser's privacy and security settings.
- Navigate to View Certificates.
- Search for Client ROOT CA.
- Under the edit or trust settings, enable the option that says This Certificate can identify
websites.
- Verify if the Client application is online. Otherwise, log out from the application and close the
browser. Open a fresh browser and log into the Unifyia platform. The client application appears
online.
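The trust setting that both troubleshooting procedures above check in the browser UI can also be audited from the command line with certutil, which ships in nss-tools. The script below is an added example, not part of the vendor documentation: it parses certutil -L output and reports whether a CA is missing, untrusted, trusted for websites only, or trusted more broadly than this use case needs. The NSS nickname "Client ROOT CA", the database path in the final comment, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the NSS nickname equals the
# name the browser shows ("Client ROOT CA"); confirm with certutil -L.

# trust_flags NICKNAME: read `certutil -L` output on stdin and print the
# trust column (SSL,S/MIME,code-signing) for NICKNAME; status 1 if absent.
trust_flags() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # strip the trust column
            sub(/^[ \t]+/, "", name)
            if (name == nick) { print flags; found = 1; exit }
        }
        END { exit !found }'
}

# ca_trust_status NICKNAME: classify the entry read from stdin as
#   missing        not in the database
#   untrusted      present, but SSL field lacks C (trusted CA for websites)
#   websites-only  C in the SSL field and no other trust granted
#   broad          also trusted for client auth (T), S/MIME or code signing
ca_trust_status() {
    flags=$(trust_flags "$1") || { echo missing; return 0; }
    ssl=${flags%%,*}
    rest=${flags#*,}
    case $ssl in *C*) ;; *) echo untrusted; return 0 ;; esac
    case $ssl in *T*) echo broad; return 0 ;; esac
    case $rest in *[CTP]*) echo broad; return 0 ;; esac
    echo websites-only
}

# Constructed sample of `certutil -L` output (not captured from a real host).
SAMPLE_LISTING='Certificate Nickname                          Trust Attributes
                                              SSL,S/MIME,JAR/XPI

Client ROOT CA                                C,,
Constructed Broad CA                          CT,C,C
Constructed Untrusted CA                      ,,'

for nick in "Client ROOT CA" "Constructed Broad CA" "Constructed Untrusted CA"; do
    printf '%s: ' "$nick"
    printf '%s\n' "$SAMPLE_LISTING" | ca_trust_status "$nick"
done

# On a real host (requires nss-tools; database path is an assumption):
#   certutil -L -d "sql:$HOME/.pki/nssdb" | ca_trust_status "Client ROOT CA"
```

A result of broad means the imported root can vouch for more than the localhost service certificate, which is worth narrowing in the browser's Edit Trust dialog.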