
This article describes how to update a certificate on an already personalized smart card in Smart ID Certificate Manager (CM). This task is done in the Registration Authority (RA) in Certificate Manager.

Prerequisites


The following prerequisites apply:

  • The Registration Authority is running.
  • The issuing procedure to be used is known.
  • The officer has the following role:
    • Issue certificate
  • Two smart card readers are available or, alternatively, one smart card reader and one smart card printer are attached to the PC.
  • A pre-personalized smart card is available in the card reader/printer.

It is possible to use a virtual registration officer certificate, that is, a software token, instead of a smart card to authenticate the officer, but for security reasons, this is not recommended.

Step-by-step instruction

 Update smart card certificate


  1. In the RA user interface in Certificate Manager, select the Smart Card tab.
  2. Insert the smart card to be updated in the card reader/printer.

    Existing keys and, if they are available, certificates, are shown in the Contents section. One key is presented on each line. If a smart card with a transport certificate (TC) is inserted in the card device, the common name from the TC appears in the Certificate column.

  3. Select what action you want to perform for each key. First click the down arrow and then choose an action:

    1. Blank - no action.

    2. Issue - secondary certificate is not stored on the card.
    3. Redo - remove current and insert another certificate. Use this action if the smart card contains a Transport Certificate (TC).
    4. Add - issue another certificate based on the same key.

      Do not use Add if the smart card has a TC, as this action may put an additional certificate on the card and keep the TC.

  4. Select a procedure for the new certificate.

    To issue certificates on a smart card with a TC, you must select a procedure that includes the necessary controls to verify the authenticity of the TC. Various error situations related to TCs are explained in Troubleshooting Certificate Manager clients.

  5. Enter data in the input fields. If required, you may change which fields are visible. See Select fields in Registration Authority in Certificate Manager.

    More information on how to enter Qualified Certificates (QC) statements is available in Qualified certificates in Certificate Manager.

  6. Enter your PIN code in Signature PIN.
  7. Click Submit to send the request to the CM host.
  8. A dialog box will open. Depending on the type of certificate (end-user or Certificate Authority (CA) certificate) to be updated, the look of this dialog will vary.

    1. For end-user certificate:
      1. Enter the PIN code and click OK. Depending on the contents of the smart card, two PIN codes may be required.
    2. For CA certificate: The dialog changes appearance depending on what information is needed.
      1. When an operator PIN is required (depending on specification in the token procedure), and this PIN is not available in the CM database, you must enter the OP PIN.

      2. If the token procedure specifies that CA certificates should be written to the card, the option Replace CA certificate(s) is shown.

      3. Click OK when done.
  9. The new certificate is written to the smart card.