In order for the Microsoft CA to work with Axidian CertiFlow, you must have an Enrollment Agent registration template, as well as all other certificate templates that will be used by Axidian CertiFlow.

As an example, let's create a Copy of Smartcard Logon template that will be used to issue certificates for logging in to the operating system using a smart card.

  1. Open the Certification Authority snap-in.
  2. Switch to the Certificate Templates section in the Certification Authority console tree, right-click it and select Manage from the context menu.
  3. Right-click the Smartcard Logon template and select Duplicate Template.
  4. Open the properties of the created template Copy of Smartcard Logon and switch to the Issuance Requirements tab.
  5. Activate the This number of authorized signatures option and set the number of signatures to 1 (default value).
  6. Define the Application Policy and Certificate Request Agent policies:

7. If you need to use a private key of a specific length, go to the Cryptography tab and set the required key size in the Minimum key size field.

Tip

This option is available for Microsoft CA 2008/2008R2 and higher.


Warning

To mitigate the risk of unauthorized access to confidential information, Microsoft issued a non-security update (KB2661254) for all supported Microsoft Windows versions. This update blocks cryptographic keys that are less than 1024 bits long. This update is not applicable to Windows 8 and later or Windows Server 2012 and later, since these systems can already block weak RSA keys less than 1024 bits long.

8. If you need to issue certificates for users with no e-mail specified in the account, go to the Subject Name tab and deactivate the Include e-mail name in subject name and E-mail name options in the certificate template properties.

9. Go to the Security tab, add the service account (serviceca) and grant it the Read and Enroll permissions.

Warning

Make sure to issue similar permissions for the Enrollment Agent template and for all certificate templates to be used by Axidian CertiFlow.

10. Save the settings by clicking OK.
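
A read-only check of the settings from steps 5 to 8, as an added example (not Axidian or Microsoft code). It assumes the standard `msPKI-*` attributes of certificate template objects in Active Directory; the function name `Test-SmartcardTemplate` and the sample object are constructed for illustration.

```powershell
# Added example. Values below are the well-known OID and name-flag bits.
$CertRequestAgentOid = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent
$SubjectRequireEmail = 0x20000000                 # "Include e-mail name in subject name"
$SanRequireEmail     = 0x04000000                 # "E-mail name" (subject alternative name)

function Test-SmartcardTemplate {
    param(
        [Parameter(Mandatory)] $Template,   # object carrying the msPKI-* attributes
        [int] $MinKeyBits = 1024,           # keys shorter than this are blocked (KB2661254)
        [switch] $AllowNoEmail              # set when step 8 is expected to be applied
    )
    $findings = @()
    # Step 5: exactly one authorized (enrollment agent) signature is required
    if ($Template.'msPKI-RA-Signature' -ne 1) {
        $findings += "Authorized signatures is '$($Template.'msPKI-RA-Signature')', expected 1"
    }
    # Step 6: the signing certificate must carry the Certificate Request Agent policy
    $policies = $Template.'msPKI-RA-Application-Policies' -join ' '
    if ($policies -notmatch [regex]::Escape($CertRequestAgentOid)) {
        $findings += 'Certificate Request Agent application policy is not required'
    }
    # Step 7: minimum key size
    if ($Template.'msPKI-Minimal-Key-Size' -lt $MinKeyBits) {
        $findings += "Minimum key size '$($Template.'msPKI-Minimal-Key-Size')' is below $MinKeyBits bits"
    }
    # Step 8: e-mail must not be mandatory if users without e-mail have to enroll
    $nameFlags = [int]$Template.'msPKI-Certificate-Name-Flag'
    if ($AllowNoEmail -and ($nameFlags -band ($SubjectRequireEmail -bor $SanRequireEmail))) {
        $findings += 'E-mail is still required in the subject or SAN'
    }
    $findings
}

# Constructed sample: a duplicated template where steps 5 to 8 were skipped.
$sample = [pscustomobject]@{
    displayName                     = 'Copy of Smartcard Logon'
    'msPKI-RA-Signature'            = 0
    'msPKI-RA-Application-Policies' = @()
    'msPKI-Minimal-Key-Size'        = 512
    'msPKI-Certificate-Name-Flag'   = 0x22000000   # UPN in SAN + e-mail in subject
}
@(Test-SmartcardTemplate -Template $sample -AllowNoEmail)   # lists four findings

# Against a live forest (requires the ActiveDirectory RSAT module):
# $base = "CN=Certificate Templates,CN=Public Key Services,CN=Services," +
#         (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -Filter "displayName -eq 'Copy of Smartcard Logon'" -Properties * |
#     ForEach-Object { Test-SmartcardTemplate -Template $_ -AllowNoEmail }
```

An empty result means the template matches the settings described in steps 5 to 8; the permissions from step 9 are not covered by this check.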