Page History

The signature certificate is used to issue certificates to user workstations the AirKey cards are connected to. Client certificate is issued automatically upon the first connection of AirKey card to a computer. The client computer provides its certificate to the Indeed AirKey Enterprise server. The latter checks if the certificate is valid and allows or disallows the connection of the virtual card.

To create the server certificate using the Indeed.AKES.CertificateGenerator.exe utility, proceed as follows:

Сертификат подписи используется для выдачи сертификатов рабочим станциям пользователей, к которым подключаются устройства AirKey. Клиентский сертификат выдается автоматически при первом подключении устройства AirKey к компьютеру. Обращаясь к серверу клиентский компьютер предоставляет свой сертификат, сервер Indeed AirKey Enterprise проверяет подлинность клиентского сертификата и разрешает подключение виртуальной карты.

Сертификат подписи может быть создан 2 методами на этапе развертывания Indeed AirKey Enterprise:

1. Run the command line as administrator on the Indeed AirKey Enterprise server and start the 

Indeed.AKES.CertificateGenerator.exe

utility. After the utility finishes its operation, the AirKey Enterprise Server CA certificate appears in the Certificates snap-in of the Local Computer.

2. Grant the AirKey server the rights to read the certificate private key of the server. To do this:

• Switch to Certificates snap-in of the Local Computer
• Right-click the AirKey Enterprise Server CA certificate
• Select All tasks > Manage private keys...
• Click Add... and specify the IIS_IUSRS local group (for IIS 7.0) or IIS AppPool\IndeedAKES local account (for IIS 7.5 or later)
• Set the Read right
• Click Apply

3. Add the AirKey Enterprise Server CA certificate to Trusted Root Certification Authorities list on the AirKey server and user workstations the AirKey cards are to be connected to.