Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Indeed Certificate Manager allows to perform temporary or constant replacement of user smart cards. The contents of the old card is completely moved to the new one.

There two types of card replacement:

1. Temporary replacement – a new card is given for a defined period of time. For example, the employee has left his/her card behind at home. The operator issues a new card for him/her. The card validity term is limited to one day. 

In this case the certificates on the employee card that is left at home, are put on hold. Valid certificates and keys are written to the new card. The figure shows two cards in the user card:

  • The Main is card Gemalto IDPrime MD is disabled and all the certificates on it are put on hold.
  • Duplicatecard is a virtual smart card AirKey issued with the limited validity term (highlighted in red).

Image RemovedImage Added

2. Permanent replacement – the replaced card is revoked, a new one is issued instead. All the data from the replaced card (key pairs, certificates) is written to the new one. Certificates on the replaced card are revoked irreversibly.

Warning

The PIN of the replaced card is not transferred to the new card. The duplicate card would have a new PIN set in accordance with smart card usage policy:

  • Default one, set by manufacturer
  • Defined by administrator in the card initialization parameters
  • Randomly generated

The user can change the smart card PIN in Self-Service, if the corresponding settings of the smart card usage policy are enabled.

To replace a user smart card, proceed as follows:

  1. Switch to Users tab and search for the user.
  2. Switch to the User card by clicking his or her username in the search results.
  3. Select the necessary card and open its data.
  4. Click Replace.
  5. Define the replacement type: Temporary or Permanent.
  6. If the replacement is Temporary, define the temporary card expiry date.
  7. If the replacement is Permanent, define the reason.
  8. Define the smart card label (can be set up automatically, if the corresponding action is permitted by smart card usage policy).
  9. Define smart card comment, if needed.
  10. Specify administrator PIN in Advanced section, if the new smart card is not added to Indeed CM. If smart card is added in Indeed CM then Advanced menu is not displays.
  11. Connect the new card to a computer and click Replace.

Image RemovedImage Added

Warning

If the corresponding settings of the smart card usage policy are defined, then the new smart card would be initialized while replacing. All the data stored on it would
be erased.

If Indeed Certificate Manager is integrated to Indeed AirKey Enterprise, then a hardware smart card can be replaced by a virtual AirKey card. To do so, click Replace with AirKey in the card properties.