| Info |
|---|
This article is valid for Smart ID Identity Manager 24.R1 or later. |
...
use-case: authenticate to the IN Groupe Inside Server, which performs certain cryptographic operations on behalf of IDM when using the Idopte middleware (see Encoding using Idopte middleware in Identity Manager)
configured in this application:
Identity Manager Operator
general requirements:
descriptor can be omitted entirely (not even a placeholder needed) if Idopte middleware is not used, otherwise correct certificate and keypair is required
PKI card encoding via the Idopte middleware will fail if missing or configured incorrectly
algorithm attribute not used
(we only use certificate and private key from the descriptor)
versioning: not needed
storage: pkcs12
key requirements:
supported types:
RSA 2048
RSA 3072
RSA 4096 (recommended)
certificate requirements:
validity DOES matter, connection to Inside server will fail when expired
unsure recommend to use a CA, unclear if self-signed certs would work (recommend to use CA) Maybe remove “unsure“ from public documentationcertificates work
must be trusted by Inside server
key usage: digitalSignature
...