You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Tab defines the templates that are used to issue user certificates.

Make sure that the required templates are added to certification authority before starting to create certificate templates in the Indeed CM system.

Table 2 describes the settings of Microsoft CA certificate templates in the Indeed CM system. To create a certificate template, click Create certificate template, define the template parameters (see Table 2) and click Create.

Table 2 – Settings of Microsoft CA certificate templates in the Indeed CM system.

ParameterDescription
NameCertificate template name.
CACertification authority name.
Microsoft CA Certificate templateThis is loaded from the selected certification authority.
Key name prefix

If not defined, then the name of container with key pair is generated randomly. If prefix is defined, it is placed in front of the container name. The prefix value is displayed in third party software to work with private key container. Some smart cards might not support container names with prefix.

Backup key

If enabled, then encryption keys are generated at the Indeed CM server, saved to the system storage and written to the smart card. In case of smart card replacement, the keys from backup are simply written to a new smart card.
If disabled, then encryption keys are generated immediately at the smart card.

Reuse key

If enabled, the existing encryption key is re-used when updating the certificates written to the smart card.

Import key if exists

If enabled, the system would search for existing keys on the card (for the defined user, CA and template) and use found ones. New keys are not generated in this case.
If smart card is initialized before issuing, key import is impossible.

Revoke certificate at card revoking/disabling

If enabled, the user certificates are revoked upon smart card revoking or disabling in Indeed CM.

If disabled, the user certificates are not revoked upon smart card revocation or disabling.

Install certificate to local store  If enabled, then when a smart card is issued (upgraded) via Self Service, certificates stored on it will be added to the user's local storage at the workstation.
Publish CRL

If enabled, then extra publication of CRL is performed upon device revocation, disabling or enabling.

Accept certificate request automatically

If enabled, the certificate requests are approved automatically. If disabled, request approval by CA operator
is required for issuing a smart card.

Accept signed certificate renewal request automatically

If enabled, certificate renewal requests are approved automatically. If disabled, request approval by CA operator is required.

Default

If enabled, the certificate is marked as default one to login to Windows XP operating system.

Optional certificate

If enabled, then you can select the certificates to be written to a smart card from the ones marked as optional, while issuing a card.

If disabled, the certificate issued with this template is considered as mandatory to be written to a smart card.

To create a certificate template click Create certificate template. Define the template name, certification authority, select the CA template from the list of available templates. Then set the required template parameters (see Table 2) and click Create. The system allows for creation of multiple certificate templates for a single policy (provided that these templates are not identical). You can view the list of the created templates in the Templates section of the selected policy.

To edit a template, select it and click  button. To remove a template from the policy, click.


  • No labels