The PKI settings tab also defines the operating system login settings:

  • Import CA certificates

This defines whether the root certificate of the certification authority or a certificate chain is to be written to a smart card when issuing.
Such certificates are not deleted from the smart card upon removal from Axidian CertiFlow. If enabled, the root certificates or certificate chains are written to a smart card.

The smart card, however, might not support writing of root certificates or of certificate chains.

  • Enforce smart card logon

If enabled, the Smart card is required for interactive logon option is activated in the user account parameters in Active Directory, when issuing a smart card.

The service account for working with user catalog (cfServiceAD) must have Write userAccountControl permission in Active Directory (see Configuring the user catalog in Active Directory).

Activation of Smart card is required for interactive logon option in user Active Directory account results in the change of the user domain password to a random one with unlimited validity term (see description in Microsoft article General information about user accounts).

Define the required parameters and click Save.

The section contains the following tabs:

  • Microsoft
    • Certification Authorities
    • Templates
  • Common certificates


  • No labels