
Create CIL procedure in Certificate Manager

This article includes updates for CM 8.6.1.

This article describes how to create a Certificate Issuance List (CIL) procedure that defines the parameters to be used when issuing a CIL within Smart ID Certificate Manager (CM). This task is done in the Administrator's workbench (AWB).

There can be only one active CIL for a certain Certificate Authority (CA). An error will occur when trying to create and sign more than one CIL procedure for the same CA.

Prerequisites

The following prerequisites apply:

  • Two administration officers must sign the request.

  • Both officers must have the following roles:

    • Use AWB

    • Policy tasks

  • A connection to the CM host must have been established (see Connect to a Certificate Manager host).

  • The following information is required by the administration officer during the task:

    • The procedure name that will appear in the explorer bar

    • The name of the CIL issuer

    • The CIL format to be used

    • The distribution rules to be used

Step-by-step instruction

Create CIL procedure

Clicking Save at any time during the creation of the CIL procedure, before clicking OK, will save the data and place the incomplete procedure definition in the CIL procedures sub-group.

To complete the creation of the CIL procedure at a later stage:

  • Highlight the procedure in the explorer bar.

  • Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.

To create a CIL procedure:

  1. In AWB, select New > CIL procedure.

  2. In the Create CIL Procedure Request dialog, enter the Procedure name that should appear in the CIL procedures sub-group in the explorer bar. This field is mandatory.

  3. Set the procedure State to Active or Closed as required.

  4. Select Domain and check Visible in subdomain, if applicable.

  5. Click the CIL issuer browse button and select the required CA. This field is mandatory.

  6. Click the CIL format browse button and select the required format. This field is mandatory.

  7. In Distribution rules, click + to add a distribution rule. Add all relevant distribution rules. This field is mandatory.

  8. Set the Immediate issue parameter using the Yes and No options. If Yes is selected, any certificate issuance will cause an extra CIL to be issued.

  9. Modify the Update interval, that is, the time between successive CIL issues.
    Select in turn the years, months, days, hours and minutes and adjust the amounts using the up and down arrows. The date and time units may also be entered manually.

  10. Modify the Margin. The margin is added to the update interval to ensure that a CIL is always available (for example, during download of the current CIL).
    Select in turn the years, months, days, hours and minutes and adjust the amounts using the up and down arrows. The date and time units may also be entered manually.

  11. If the CIL should be built at a specific time, enter the hours and minutes in the Build at (hh:mm) field. Otherwise the CIL will be built at the time of day when the CIL procedure is created. To use a "Build at" specification, the update interval must be a whole multiple of days, that is, the hours and minutes of the update interval must be set to zero.

  12. To limit the file size, CIL supports segmentation, which means that a CIL can be split into several files. Enter the number of certificates included in one CIL file (the size of a CIL segment) in the Certificates / file field. For more information about certificate issuance lists and CIL segments, see "Appendix A. Certificate Issuance List (CIL)" in the Technical Description.

If no limit is specified for the certificates in a file, all certificates issued will be added to the same segment and the file size will grow indefinitely.
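The timing and segmentation rules from steps 9 to 12 can be checked before the values are entered in AWB. The following Python sketch is an added example, not part of Certificate Manager or its documentation: the names CilPlan, check, schedule and segments are hypothetical, intervals are given in days, hours and minutes only, and it assumes that each CIL is meant to cover its update interval plus the margin, as the margin description implies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import ceil
from typing import Optional

@dataclass
class CilPlan:
    """Hypothetical planning record; fields mirror the dialog labels."""
    update_interval: timedelta
    margin: timedelta
    build_at: Optional[str] = None        # "hh:mm", or None if unused
    certs_per_file: Optional[int] = None  # None means no segment limit

def check(plan: CilPlan) -> list:
    """Problems found against the rules in the steps, plus a sanity check."""
    problems = []
    if plan.update_interval <= timedelta(0):
        problems.append("update interval must be positive")
    elif plan.build_at and plan.update_interval % timedelta(days=1) != timedelta(0):
        problems.append("Build at needs an update interval in whole days")
    if plan.certs_per_file is None:
        problems.append("no Certificates / file limit: segment grows indefinitely")
    return problems

def schedule(plan: CilPlan, first_issue: datetime, count: int) -> list:
    """(issued, covered_until) pairs; assumes coverage = interval + margin."""
    step = plan.update_interval
    return [(first_issue + i * step, first_issue + (i + 1) * step + plan.margin)
            for i in range(count)]

def segments(issued_certs: int, certs_per_file: int) -> int:
    """Number of CIL files needed for issued_certs certificates."""
    return ceil(issued_certs / certs_per_file)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real CM installation.
    plan = CilPlan(timedelta(days=1), timedelta(hours=2), "02:00", 10000)
    print(check(plan) or "plan is consistent")
    for issued, until in schedule(plan, datetime(2024, 1, 1, 2, 0), 3):
        print(issued, "->", until)
    print("files for 25001 certificates:", segments(25001, 10000))
```

With these sample values, each CIL overlaps its successor by the two-hour margin, which is the window in which a relying party can still be downloading the current list.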


Option: Configure delta CIL

  1. If delta CILs are to be issued, select Yes next to Issue Delta. No is the default.

  2. Enter the following delta parameters:

    • Reference CIL - the value entered here represents the number of CILs you are required to backtrack to locate the reference CIL (for example, 1 represents the immediate previous CIL).

    • Frequency - the number of delta CILs that are issued between CIL issues.

    • Margin - the margin is added to the period between delta CIL issues to ensure that a valid delta CIL is always available.

  3. Set the delta Immediate issue parameter using the Yes and No options. If Yes is selected, any certificate issuance will cause an extra delta CIL to be issued.

  4. In Distribution rules, click + to add a distribution rule. Add all relevant distribution rules.

  5. Click OK and sign the request. See Sign tasks in Certificate Manager for more information.

Note about activated certificates

It may be required not to mark a certificate as issued because it has not yet been published. The activated certificates CIL contains only certificates that have been published and activated. This list therefore contains only a subset of all issued certificates, which allows a setup where issued but non-activated certificates can be marked as 'revoked' when CILs are used in conjunction with CRLs to support RFC 6960.

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.