Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

During the issue procedure, the smart card is personalized for the user: the card is initialized, key pairs are generated, required certificates are enrolled and the all these are written to the smart card according to the defined usage policy.

Certificate request creation and writing to the card are performed in the following order:

  1. A key pair is generated at the client side using a cryptographic service provider (CSP).
  2. A certificate request is generated, to which the user public key is attached.
  3. The request is signed with the user private key.
  4. The request is signed by the key of CA operator service account, owned by the Indeed CM system server.
  5. The request is sent to the certification authority.
  6. The issued certificate is written to the smart card by means of cryptographic service provider.

To issue a card to a user, proceed as follows:

  1. Switch to Users tab and search for the user.
  2. Switch to the user card by clicking his or her username in the search results.
  3. Click Issue card.

    Info

    If the smart card usage policy allows to Optional certificate option to be written to a card, select the required ones and click Next.

    Image RemovedImage Added

    Scroll Pagebreak
  4.  Connect the smart card to a computer, set the Label and enter the following, if required:
    • Initialize card – If enabled, the card is initialized before issuance. Initialization deletes all the data stored on the card.

      Note

      The Initialize card option allows not only to disable initialization for a specific smart card before the issue but also to enable it if it is disabled in the Smart card usage policy.


    • Label – smart card label or friendly name

      Note

      Card label can be formed automatically. See Smart card issuance settings.


    • Comment – some useful note about the card (e.g. name of department that this card supposed to be used)
    • Tags – some useful tags about the card

      Info

      Adding tags is possible if they are created by the administrator in the Configuration tab of the Tags section.


    • Card – smart card reader name with connected card

    • Advanced – depending on the smart card type the following fields can be available:

- Administrator PIN
- User PIN
- Initialization key

Named values might be empty. In this case, they will be set automatically according to the values in the Card types section.

To issue a smart card, click Issue.

Warning

If smart card initialization is activated, the corresponding notification is displayed in the course of the issue.

Image AddedImage Removed

Anchor
SOPIN
SOPIN

5. After the card is issued, the Assigned cards section appears in the User card, containing the information about the issued card:

    • Type serial number
    • Label (if defined)
    • Comment
    • Agents
    • Name of the policy the card was issued with
    • Administrator PIN

      Note

      Available if Viewing card SO PIN option is activated in Common features section of Indeed CM Setup Wizard.

      Scroll Pagebreak

    • Tags
    • Enrolled certificates: Template name, Certification Authority name, expiry date and current status

To set or modify the comment or tags, click , to view the administrator PIN click .

Warning

The latter is only available to users with Indeed CM Admins privileges.

Image RemovedImage Added

If certificate request needs to be approved by certification authority operator (see Smart card life cycle), then the request current state is displayed in the user card.

All possible certificate status private keys, certificate requests with their description is given in section Certificate status.

Image RemovedImage Added

6. After approval the certificate state changes to Accepted. Then you can continue card issuance (the Resume issuing button becomes active).

Warning

Even if one of the certificates was approved automatically (its status is Valid), it will be written to smart card only after the Resume issuing button is clicked.

Card issuance is only possible if all the certificate requests are approved by CA operator.

Image RemovedImage Added

7. After smart card is issued, a randomly generated user PIN is displayed, if the smart card issuance policy is set up accordingly. The set PIN can be send to the user or his/her manager e-mail (see Setting PIN in User notifications of Indeed CM smart card policy) or printed.

Image RemovedImage Added

To print the user PIN, click . The print page opens in a new tab.PIN will be saved in PinEnvelope.pdf file.

Image AddedImage Removed

Info

Print parameters reside in the C:\inetpub\wwwroot\icm\Content\pinenvelope.xsl template.

By default, user information (name and email) and device data (type, serial number and user PIN) is printed. To modify the print template, edit pinenvelope.xsl file accordingly.