Comment: This article is new for Smart ID Identity Manager 24.R1.

Info

This article includes updates for Smart ID Identity Manager 24.R1.

...

Encryption and decryption of fields in the Identity Manager database

Required

Always

Configured in the following applications

...

Encryption of the configuration files

Required

Always

Configured in the following applications

...

Signing and validation of the configuration files

Required

Always

Configured in the following applications

...

Certificate requirements

  • If key usage extension is critical, then digitalSignature is required

  • Issuing certificate has to be installed in the Identity Manager trust-store

  • Certificate must not be self-signed

...

Signing and verification of the object history

Required

Always

Configured in the following applications

...

Send signed e-mails from IDM

Required

When e-mail signing is configured

...

  • Proper S/MIME certificate with configured IDM e-mail sender address in DN's E field and/or SAN RFC-822 entry

    • If subject DN email field is absent, SAN extension must be critical

    • Note: IDM up to 23.10.x only accepted the SAN entry; support for DN.E was broken (fixed in IDM 24.R1)

  • must not be self-signed

  • Key usage:
    If present, must be critical and at least either digitalSignature or nonRepudiation

  • Validity:
    Adhering to CAB-Forum requirements from https://cabforum.org/working-groups/smime/requirements/#632-certificate-operational-periods-and-key-pair-usage-periods
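A pre-flight check for the address, self-signed and key usage rules listed above, added here as an example and not taken from Identity Manager itself. It assumes the Python `cryptography` package; `check_smime_cert`, `make_cert` and the `example.test` addresses are hypothetical, and the validity period and trust chain are not checked.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

def check_smime_cert(cert, sender):
    """Return the listed requirements that `cert` violates for `sender`."""
    problems = []
    dn_mails = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)]
    try:
        san = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
        san_mails = san.value.get_values_for_type(x509.RFC822Name)
    except x509.ExtensionNotFound:
        san, san_mails = None, []
    if sender.lower() not in [m.lower() for m in dn_mails + san_mails]:
        problems.append("sender address missing from DN E field and SAN RFC-822 entry")
    if not dn_mails and not (san is not None and san.critical):
        problems.append("no DN email field and SAN is not critical")
    if cert.issuer == cert.subject:  # name comparison only, signature is not verified
        problems.append("self-signed")
    try:
        ku = cert.extensions.get_extension_for_oid(ExtensionOID.KEY_USAGE)
    except x509.ExtensionNotFound:
        return problems  # key usage is optional
    if not ku.critical:
        problems.append("key usage not critical")
    if not (ku.value.digital_signature or ku.value.content_commitment):  # nonRepudiation
        problems.append("key usage lacks digitalSignature and nonRepudiation")
    return problems

def make_cert(dn_mail, san_mail, san_critical, ku_critical, self_signed=False):
    """Constructed sample certificate (hypothetical names, throwaway keys)."""
    key, ca_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, "IDM sender")]
    if dn_mail:
        attrs.append(x509.NameAttribute(NameOID.EMAIL_ADDRESS, dn_mail))
    subject = x509.Name(attrs)
    issuer = subject if self_signed else x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30)))
    if san_mail:
        b = b.add_extension(x509.SubjectAlternativeName([x509.RFC822Name(san_mail)]), critical=san_critical)
    usage = dict.fromkeys(["content_commitment", "key_encipherment", "data_encipherment", "key_agreement",
                           "key_cert_sign", "crl_sign", "encipher_only", "decipher_only"], False)
    b = b.add_extension(x509.KeyUsage(digital_signature=True, **usage), critical=ku_critical)
    return b.sign(key if self_signed else ca_key, hashes.SHA256())
```

To check a real certificate, load it with `x509.load_pem_x509_certificate` and pass it to `check_smime_cert` together with the configured sender address.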

...