Comment: This article is new for Smart ID Identity Manager 5.0.0.
...
Certain descriptors are used for optional features. If a feature (for example, email signing) is not used in a given deployment, you may configure the corresponding descriptor with a placeholder. Any PKCS#12 file containing a self-signed key pair is sufficient in this case.
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for production use, depending on the use case. Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for production use, depending on the use case. Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for production use, depending on the use case. Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for production use, depending on the use case. Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
Use case
Send signed emails from IDM
Required
When email signing is configured
Configured in the following application
...
Placeholders allowed only if email signing is not used
Email verification will fail if not issued by a trusted S/MIME CA
Integrity of emails sent by IDM may be at risk if a placeholder key is used
...
Proper S/MIME certificate with the configured IDM email sender address in the DN's E field and/or a SAN RFC-822 entry
If subject DN email field is absent, SAN extension must be critical
Broken support for DN.E is fixed in IDM 5.0.0.
Must not be self-signed
Key usage:
If present, must be critical and at least either digitalSignature or nonRepudiation
Validity:
Adhering to CAB-Forum requirements from https://cabforum.org/working-groups/smime/requirements/#632-certificate-operational-periods-and-key-pair-usage-periods
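The certificate requirements listed above can be checked before a PKCS#12 file is bootstrapped. The following Python check is an added example, not Identity Manager code; it assumes the third-party `cryptography` package, and the function names, the `idm@example.com` address and the issuer-equals-subject test for "self-signed" are assumptions made for illustration.

```python
from datetime import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def check_smime_signing_cert(cert, sender):
    """Return the violated requirements; an empty list means acceptable."""
    problems = []
    dn_mail = [a.value.lower() for a in
               cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)]
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        san_mail = [m.lower() for m in san.value.get_values_for_type(x509.RFC822Name)]
    except x509.ExtensionNotFound:
        san, san_mail = None, []
    if sender.lower() not in dn_mail + san_mail:
        problems.append("sender address not in DN E field or SAN RFC-822 entry")
    if not dn_mail and san is not None and not san.critical:
        problems.append("no email in subject DN, so SAN must be critical")
    # Assumption: issuer == subject counts as self-signed (signature not verified).
    if cert.issuer == cert.subject:
        problems.append("certificate is self-signed")
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage)
        if not ku.critical:
            problems.append("key usage present but not critical")
        if not (ku.value.digital_signature or ku.value.content_commitment):
            problems.append("key usage lacks digitalSignature and nonRepudiation")
    except x509.ExtensionNotFound:
        pass  # key usage is only constrained when the extension is present
    return problems

def constructed_cert(dn_mail, san_mail, san_critical, self_signed, sign_bit=True):
    """Build a throwaway certificate as constructed sample input (hypothetical helper)."""
    key = ec.generate_private_key(ec.SECP256R1())
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, "IDM mail sender")]
    attrs += [x509.NameAttribute(NameOID.EMAIL_ADDRESS, dn_mail)] if dn_mail else []
    subject = x509.Name(attrs)
    ca = [x509.NameAttribute(NameOID.COMMON_NAME, "Constructed S/MIME CA")]
    issuer = subject if self_signed else x509.Name(ca)
    signer = key if self_signed else ec.generate_private_key(ec.SECP256R1())
    b = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(datetime(2024, 1, 1)).not_valid_after(datetime(2025, 1, 1))
         .add_extension(x509.KeyUsage(sign_bit, False, not sign_bit, *[False] * 6), critical=True))
    if san_mail:
        b = b.add_extension(x509.SubjectAlternativeName([x509.RFC822Name(san_mail)]), san_critical)
    return b.sign(signer, hashes.SHA256())
```

Validity periods and trust in the issuing S/MIME CA are not checked here; compare the validity against the CA/Browser Forum section linked above.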
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping is required for production use. Only dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for production use, depending on the use case. Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container). |
...
Identity Manager Operator (See Set up visual ID layout in Identity Manager for more information.)
Storage
...
Authenticate to the IN Groupe Inside Server, which performs certain cryptographic operations on behalf of IDM when using the Idopte middleware (see Encoding using Idopte middleware in Identity Manager)
Configured in the following applications
...
Decrypting PIN blobs from pre-personalized cards, for example to print PIN letters for them (see Encodings using Personal Desktop Client middleware in Identity Manager, section "Read encrypted PINs")
...