Create a user account (say, serviceca), on behalf of which the system shall account that will be used by the system to request user certificates in from the Certification Authority and set the rights (CA) and grant this account permissions to work with certification authority for this accountthe CA:
1. Open the Certification Authority tool, select the certification authority CA and switch to its Properties.
2. Click Add in the Security tab.
3. Specify the service account (servicecae.g. cfServiceCA) as the user.
4. Define the Issue and Manage Certificates and Request Certificates permissions for the account and save settings by clicking ОК.
5. Switch to Certificate Templates section in the Certification Authority console tree, right-click and select the Manage item from the context menu.
6. In the Enrollement Agent template security properties, add the service account and set permissions to Read and Enroll for it. Set the similar permissions for all certificate templates to be used by the Indeed CM system.
This is necessary, say, for Copy of Smartсard Logon template, which is used to issue the certificates for operating system logon with smart card.click ОК.
| Warning |
|---|
If you have more than one certification authority CA in your environment, then one and grant the service account the same set of privileges is to be assigned to the service account for all certification authoritiesCAs. |
