This article describes how to create a token procedure within Certificate Authority (CA) in Smart ID Certificate Manager (CM).
A token procedure defines the parameters to be used when issuing a token (for example, a smart card) to an end user. The AWB is not used for the production of tokens, but other clients use the parameters defined in the AWB.
This task is done in the Administrator's workbench (AWB).
Prerequisites
The following prerequisites apply:
- Two administration officers must sign the request.
- Both officers must have the following roles:
- A connection to the CM host must have been established, see Connect to a Certificate Manager host.
- The following information is required by the administration officer during the task:
- The procedure name that will appear in the explorer bar
- The storage profile required for the token
- If a serial number is required for a smart card and, if so, the serial number range
- The method required for PIN distribution
- The token storage policy for issuer certificates
- The certificate procedures to be used
- The key procedures to be used
- It is recommended that any formats that are not yet available be generated before performing this task.
Create token procedure
To create a token procedure:
- In AWB, select New > Token procedure.
- In the Create Token Procedure Request dialog, enter the Procedure name that should appear in the Token procedures sub-group in the explorer bar. This field is mandatory.
- Set the procedure State to Active or Closed as required.
- Select Domain and check Visible in subdomain if applicable.
- Select the required Storage profile.
- If Smart Card is selected as Storage profile, choose whether to use a Card serial number by clicking Yes or No (Mandatory).
If Yes is selected, enter the available number range in Serial number range - From and To (Mandatory).
Information on serial number ranges in use can be obtained by clicking on the i button.
- In PIN procedure, select the required method.
- If key archiving or recovery will be used, add key procedures.
To add a key procedure, click + in Key procedures. Repeat until all the necessary key procedures are added.
- In Issuer certificates, select the storage policy to be used, from the following options:
- Store all - store the certificates for the whole CA chain on the token.
- Do not store any - do not store any issuer certificates on the token.
- Store the root - store only the root CA certificate on the token.
- Store the issuing CA - store only the issuing CA certificate on the token.
- CAs for recovered certificates - controls whether the CAs of recovered certificates should be stored or not if the token procedure would recover any certificate issued by a CA other than the certificate procedures’ configured CAs. Only applicable if Store all, Store the root or Store the issuing CA has been selected.
- To add attribute certificate procedures (if they are to be included in the token procedure), click + in Attribute Certificate procedures and select an attribute procedure. Repeat until all the necessary attribute certificate procedures are added.
- Certificate procedures are mandatory unless only key recovery procedures with reuse certificate are selected in Key procedures.
- To add certificate procedures, click + in Certificate procedures and select a certificate procedure. Repeat until all the necessary certificate procedures are added.
If more than one certificate procedure is selected, the order of the certificate procedures in the list is important. Use the arrow buttons to sort the list into the required order.
- If a specific input view is required for the token procedure, select the Input view type. This selection helps to show only the relevant input fields in the RA when this token procedure is selected. If no Input view is selected, the token procedure will use the default input view. There are predefined input views (GPIVs) available for preregistration in the RA.
For further information on input views, see Dynamic Input Views in the Certificate Manager Technical Description.
- Click OK and sign the request. See Sign tasks in Certificate Manager for more information.