Comment: This article is new for Smart ID Identity Manager 24.R1.
Info |
---|
This article includes updates for Smart ID Identity Manager 24.R1. |
...
Certificate requirements
If key usage extension is critical, then digitalSignature is required
Issuing certificate has to be installed in the Identity Manager trust-store
Certificate must not be self-signed
...
Proper S/MIME certificate with configured IDM e-mail sender address in DN's E field and/or SAN RFC-822 entry
If subject DN email field is absent, SAN extension must be critical
IDM up to 23.10.x only accepted SAN and ignored DN.E (fixed in IDM 24.R1)
Must not be self-signed
Key usage:
If present, must be critical and at least either digitalSignature or nonRepudiation
Validity:
Adhering to CAB-Forum requirements from https://cabforum.org/working-groups/smime/requirements/#632-certificate-operational-periods-and-key-pair-usage-periods
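The subject, SAN and key usage rules in the list above can be checked before a certificate is configured as the e-mail sender certificate. The following is an added example, not Identity Manager code: it assumes the third-party Python `cryptography` package, the function name `check_smime_cert` is hypothetical, and it does not check the validity period or whether the issuing certificate is in the trust-store.

```python
import sys
from cryptography import x509
from cryptography.x509.oid import ExtensionOID, NameOID


def check_smime_cert(cert, sender):
    """Return the list of violated requirements; an empty list means pass."""
    problems = []
    sender = sender.lower()  # assumption: addresses are compared case-insensitively

    # Must not be self-signed. Assumption: subject == issuer is the indicator.
    if cert.subject == cert.issuer:
        problems.append("certificate is self-signed")

    # Sender address in the subject DN's E field and/or a SAN RFC-822 entry.
    dn_mails = [a.value.lower() for a in
                cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)]
    try:
        san = cert.extensions.get_extension_for_oid(
            ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
        san_mails = [m.lower() for m in
                     san.value.get_values_for_type(x509.RFC822Name)]
    except x509.ExtensionNotFound:
        san, san_mails = None, []
    if sender not in dn_mails and sender not in san_mails:
        problems.append("sender address not in DN E field or SAN")
    # If the subject DN has no e-mail field, the SAN extension must be critical.
    if not dn_mails and (san is None or not san.critical):
        problems.append("no DN e-mail field and SAN is absent or not critical")

    # Key usage: if present, critical with digitalSignature or nonRepudiation.
    try:
        ku = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
    except x509.ExtensionNotFound:
        return problems  # extension absent: nothing further to check
    if not ku.critical:
        problems.append("key usage extension is not critical")
    # The cryptography package exposes the nonRepudiation bit as content_commitment.
    if not (ku.value.digital_signature or ku.value.content_commitment):
        problems.append("key usage lacks digitalSignature/nonRepudiation")
    return problems


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_smime.py <cert.pem> <sender-address>
    with open(sys.argv[1], "rb") as f:
        found = check_smime_cert(x509.load_pem_x509_certificate(f.read()), sys.argv[2])
    print("\n".join(found) or "OK")
```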
...