The signature certificate is used to issue certificates to user workstations the AirKey cards are connected to. Client certificate is issued automatically upon the first connection of AirKey card to a computer. The client computer provides its certificate to the Indeed AirKey Enterprise server. The latter checks if the certificate is valid and allows or disallows the connection of the virtual card.
To create the server certificate using the Indeed.AKES.CertificateGenerator.exe utility, proceed as follows:
1. Run the command line as administrator on the Indeed AirKey Enterprise server and start the Indeed.AKES.CertificateGenerator.exe utility. After the utility finishes its operation, the AirKey Enterprise Server CA certificate appears in the Certificates snap-in of the Local Computer.
2. Grant the AirKey server the rights to read the certificate private key of the server. To do this:
- Switch to Certificates snap-in of the Local Computer
- Right-click the AirKey Enterprise Server CA certificate
- Select All tasks > Manage private keys...
- Click Add... and specify the IIS_IUSRS local group (for IIS 7.0) or IIS AppPool\IndeedAKES local account (for IIS 7.5 or later)
- Set the Read right
- Click Apply
3. Add the AirKey Enterprise Server CA certificate to Trusted Root Certification Authorities list on the AirKey server and user workstations the AirKey cards are to be connected to.