Comment: Smart ID 23.04.6

...

State of the requested certificates

A requested certificate is persisted as soon as it is received from a CA, even before it is written on the card. At this point, it will be in the state Issued. The exception to this rule is recovered certificates: these were already persisted in Identity Manager at the time they were initially issued, and they will not be persisted again, nor will their state be changed. They can, however, be related to the cards they are written to during a recovery, as described below.

When the card production or operation task has successfully finished, the certificates' state will be set from Issued to their start state as defined in the state graph.

Info: certificateHold

You can temporarily revoke a certificate upon issuing it using the keyword revokeOnIssue. This will instruct the CA to revoke the certificate using the revocation state certificateHold. However, in Identity Manager, the certificate will still be in its start state. If the certificate's start state is not certificateHold, you must add a Change State task to the process to set the certificate's state accordingly.

Should the task end in an error instead, the certificates will remain in the Issued state.

Info: Issued state

Issued is an internal state for certificates. It is set on newly issued certificates before they are moved to their start state. This state makes it possible to search for certificates that were issued during failed card operations. These certificates were issued by a CA to an end entity, but were probably not successfully written on a card. To avoid having unused valid certificates, it is recommended that these certificates are revoked. By default there is no further handling of these certificates. You need to find a way to handle them that suits your needs.

Since all certificates are initially stored in the state Issued and later moved to their start state, this transition needs to be defined in the certificate's state graph definition.

Looking for certificates in the Issued state is a way of finding certificates that were requested but were probably not written on a card and should therefore be processed, for example, revoked. There is no default handling of issued certificates, but it is recommended to do one of the following: 

  • search for them and implement a process that handles any that are found
  • handle them directly in the process when an encoding fails, using the generated certificate's CoreObjectDescriptors, as described below.
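
The first option, sketched as an added example (not Identity Manager code or its API): a reconciliation pass over an exported certificate list that flags certificates left in Issued for revocation and certificates that the CA holds as certificateHold while the stored state differs. The record fields, the state name "active", the grace period and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical export record; field names are assumptions for this example,
# not Identity Manager's schema.
@dataclass
class CertRecord:
    serial: str
    idm_state: str       # state stored in Identity Manager, e.g. "Issued"
    ca_status: str       # status at the CA: "valid", "certificateHold", "revoked"
    issued_at: datetime

def reconcile(records, now, grace=timedelta(hours=1)):
    """Return (to_revoke, to_change_state) as lists of serial numbers."""
    to_revoke, to_change_state = [], []
    for r in records:
        if r.idm_state == "Issued":
            # Still in the internal state: the card task failed or has not
            # finished. The grace period (an assumption) skips certificates
            # whose card operation may still be running.
            if r.ca_status != "revoked" and now - r.issued_at > grace:
                to_revoke.append(r.serial)
        elif r.ca_status == "certificateHold" and r.idm_state != "certificateHold":
            # revokeOnIssue put the certificate on hold at the CA, but the
            # stored state is a different start state: the process lacks a
            # Change State task.
            to_change_state.append(r.serial)
    return to_revoke, to_change_state

# Constructed sample data; "active" is an assumed start state name.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    CertRecord("01", "Issued", "valid", NOW - timedelta(days=2)),     # failed encoding
    CertRecord("02", "Issued", "valid", NOW - timedelta(minutes=5)),  # possibly in flight
    CertRecord("03", "active", "certificateHold", NOW - timedelta(days=1)),
    CertRecord("04", "active", "valid", NOW - timedelta(days=1)),
    CertRecord("05", "certificateHold", "certificateHold", NOW - timedelta(days=1)),
    CertRecord("06", "Issued", "revoked", NOW - timedelta(days=3)),   # already handled
]

if __name__ == "__main__":
    revoke, change = reconcile(SAMPLE, NOW)
    print("revoke at CA:", revoke)
    print("needs Change State task:", change)
```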


...