Page History

Here are the Axidian CertiFlow Setup Configuration Wizard parameters:

Information about saving the specified values to the service configuration files.

When you finish configuring the Setup Wizard settings, the specified values are written to configuration files and encrypted. Encryption is performed using Microsoft .NET key (NetFramework ConfigurationKey) and RSA algorithm.

Section	Description
Before starting work	Axidian CertiFlow Setup Wizard purpose and features
Restore configuration	Uploading a backup copy of Axidian CertiFlow configuration.
System features Common features Event Log Microsoft CA AirCard Enterprise Client Agent	Configuring internal settings for Axidian CertiFlow web applications: Management Console Display system summary Enable custom log Warning The custom log is implemented only for system configuration using the Data Storage in Microsoft SQL and PostgreSQL. Own organizational Organization structure Integration with Axidian Access Internal document management User's password reset in Active Directory Viewing card SO PIN Publishing certificates in the file storage Warning Publishing certificates is not supported for mounted network drives. Set path to the file storage in this format: \\Workstation name\Network directory name Self-Service View card content Create TPM Virtual Smart Card (VSC) Enroll Windows Hello for Business (WHfB) Enable downloads Event Log: Define the user attribute to search in the Event Log. Default value: CN (Common name) Configure connection to Unified Event Log for several CertiFlow servers Microsoft CA: Configure settings for working with Microsoft Certification Authority. AirCard Enterprise: Configure integration with Axidian AirCard Enterprise virtual smart card server. Client Agent: Configure Axidian CertiFlow Agent.
Users catalog Active Directory Tracked attributes	Information about users catalog and user attributes .  The list of tracked user attributes in Microsoft CA certificate templates settings includes the following attributes by default: Common name E-mail User principal name Warning You can track changes in user attributes only in Subject and Subject Alternative Name fields of the certificate.
Access control Role administrator	Defining access settings to system services. Specify an account to configure user privileges in Roles of Axidian CertiFlow Management Console.  Warning The specified account must have a User Principal Name (UPN) and belong to the specified users directory.
Database Active Directory Microsoft SQL PostgreSQL Encryption key	Information about the system's data storage and encryption algorithm. Creating an encryption key, a backup copy or a key recovery from backup. Storage connection settings depend on selected storage type.
Card Monitor service	Card Monitor service controls smart card usage. Operations: Revoking expired temporary cards Deactivating (optional) cards and revoking certificates for users with disabled Active Directory accounts (optional) Deleting AD disabled Active Directory accounts (optional) from Axidian CertiFlow users catalog (optional) Revoking and withdrawing (optional) cards for deleted users (optional) Setting/resetting a card content status (about to expire/expired) Updating card contents (available if a card is updated through Axidian CertiFlow Agent and the CA operator does not approve certificates automatically) Registering There is no connection from the agent for a long time event in the system log Deleting inactive agents (you can set the time when an agent is considered inactive) Sending email notifications to system administrators and users about the following events: Expiring user certificates Approve/reject to issue a card Approve/reject to renew a certificate Approve/reject to replace a card Modifying a system policy applied to a user Changing user attributes in users catalog  Warning For the Card Monitor service to run regularly, the account specified in the setup wizard Configuration Wizard must be part of Administrators group on the CertiFlow server and have permission to Log on as a batch job. For Card Monitor service to work properly, create a service role with an account for Card Monitor in Roles section and define the following privileges for the role: Disabling cardsa card Updating cardsa card Canceling a card update Revoking cardsa card Cleaning cardsa card Unassigning cardsa card Removing cardsa card Removing AirCard Removing an agent Removing a record from custom log Note Set privileges to work with virtual smart cards, if AirCard integration is configured.
Confirmation	Summary of all Configuration Wizard settings and creating a backup copy of Axidian CertiFlow configuration. After you click Apply, the specified values for all settings will be saved in configuration files for all applications and stored in the C:\inetpub\wwwroot\cm\wizard\configs folder.
Results	Information about saving the specified values to the service configuration files. You can upload the configuration files to an archive (Save configuration files option) to transfer and apply the settings to the system server. When installing Axidian CertiFlow for the first time, save a copy of your configuration settings (option Backup current configuration settings in Confirmation sectionoption). Configuration backup includes all settings, as well as encryption key and algorithm. When deploying To deploy new system servers, you can use upload the backup file - upload it in Restore configuration section of the wizard.  Warning The Configuration backup file also includes all settings, as well as the database encryption algorithm and encryption key, and all service accounts data. Keep the backup file in a secure place.	Results

Applying configuration files to the CertiFlow server

Apply the configuration files to the CertiFlow server:

1. Run PowerShell as administrator and go to C:\inetpub\wwwroot\cm\wizard\configs.

2. Run the PowerShell script deploy_configuration.ps1: 

   .\deploy_configuration.ps1

   
   

3. Specify the password of the account that is used to launch the Card Monitor service.