Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This article describes how a Workplace certificate agent enrolls a profile in the Workplace package in Smart ID Identity Manager.

Prerequisites

 Prerequisites

A certificate profile must have been created and be in the state "active". See Create certificate profile.

Step-by-step instruction

 Enroll profile
  1. In Identity Manager Operator, go to the Search page and select Workplace certificate profiles from the drop-down list.

  2. Click Search to get a list of certificate profiles, and select the active profile that you want to enroll.

  3. Select Enroll profile. For the selected enrollment protocol, follow the instructions below. 

     Enroll P10 profile
    1. In Upload CSR, click to search for and upload the certificate signing request (CSR) file.
    2. Click Next.
    3. Edit the server request.
    4. Click Download to download the P10 certificate. The P10 certificate is related to the asset or to the certificate profile.
    5. Click Next to proceed with the process or Cancel to close the process.
     Enroll P12 profile
     Without domain policies set
    1. Click Search asset and select an existing asset or create an asset. For more information, see Create asset.
    2. Click Next to proceed with the process or Cancel to close the process.

    3. Enter data in the fields under Certificate data,

    4. Click Next
    5. In Certificate password, do the following:
      • Click the download icon to download the certificate to your system.
      • Enter password and select the Confirm displayed password checkbox to confirm the password conditions. The password cannot be stored or retrieved. 
    6. Click Next.
    7. In Confirm certificate installation, click Confirm to confirm the installation. 
     With domain policies set
    1. Enter data in the fields under Certificate profile data.

    2. Enter data in the fields under Certificate data.

    3. Enter the domain name in the DNS field. If more than one DNS entry is required, the entries must be comma-separated.
    4. Click Next to proceed with the process or Cancel to close the process. 
    5. In Certificate password, do the following:
      • Click the download icon to download the certificate to your system.
      • Enter password and select the Confirm displayed password checkbox to confirm the password conditions. The password cannot be stored or retrieved. 
    6. Click Next.
    7. In Confirm certificate installation, click Confirm to confirm the installation. 
     Enroll ACME profile
     Without domain policies set

    1. Enter data in the fields under Certificate data.

    2. Click Next to proceed with the process or Cancel to close the process. 
     With domain policies set

    1. Enter data in the fields under Certificate data.

    2. Enter the domain name in the DNS field. If more than one DNS entry is required, the entries must be comma-separated.
    3. Click Next to proceed with the process or Cancel to close the process. 

    The registration request is sent directly to CM.

     Enroll SCEP profile
     Without domain policies set

    1. Enter data in the fields under Certificate data.

    2. Click Next to proceed with the process or Cancel to close the process. 
     With domain policies set

    1. Enter data in the fields under Certificate data.

    2. Enter the domain name in the DNS field. If more than one DNS entry is required, the entries must be comma-separated.
    3. Click Next to proceed with the process or Cancel to close the process. 

Approvals

 Profiles that require approval

Once the enroll profile action is completed, a notification for approval is sent to the administrator and you will get further information via email.

If the request has been sent already, you will also get a notification. An administrator with approval rights will approve or reject the request. For more information, see Workplace - Approval handling

 View approval status
  1. Once the request has been approved, go to the Search page and select Workplace requests.
  2. Click Search. The request will now have the status Approved.

Use case details

 Overview and technical details
Use case description

A Workplace certificate agent wants to enroll a profile. 

Outcome

For ACME or SCEP registrations, the asset is only registered on the Certificate Manager side. No visible outcome in Identity Manager Operator. 

For P12 or P10 requests, a certificate will be related to the asset on which the request was triggered.

Symbolic name

AssetsProcEnrollProfile

  • P10: AssetsSubProcEnrollP10Profile
  • P12: AssetsSubProcEnrollP12Profile
  • ACME: AssetsSubProcEnrollACMEProfile 
  • SCEP: AssetsSubProcEnrollSCEPRegistration
Process name

Enroll profile

Component

Identity Manager Operator

Process start

Option 1: Search>Workplace asset>Search for assets (in state "Active")>Enroll profile

Option 2: Search>Workplace certificate profiles>Search for a certificate profile (in state "Active")>Enroll profile 

If the process is started on an asset, the asset data is used as predefined values for the request or registration.

Related information

  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions