How can we help?

Configure PKCS#12 Certificate Database

Anthony - Versasec Support
Anthony - Versasec Support
  • Updated


Follow the instructions in this article to configure a database file that can be used when issuing smart card tokens with certificates that are stored as PKCS#12 or PFX files.

Currently it is possible to configure this feature for CA connections that are configured for Entrust and PKCS#12 support.

1. Firstly, configuration information needs to be added to a certificate list file. The certificate list file should be created in the cms_db\certificates folder located where the vSEC:CMS is installed. The name of the certificate list file needs to be the internal name of the PKCS#12 CA template as set in your vSEC:CMS. You will find the name of the template by selecting the template from the Options - Connections page and clicking on the Certificate Authorities. Then select your PKCS#12 template. Information about the template will be displayed in the bottom window when you select the template. If the filename is 000f0006.certlist then you would see this information displayed as Certificates: 000f0006.certlist in the bottom window.

Below is a simple example of what contents should be provided in the file, 000f0006.certlist in this example.

<?xml version="1.0" encoding="UTF-8"?>
<e file="pkcs12_example1.db"/>

2. In this example, we have a pkcs12 section where you define the location of the database file. The database file in this example will reside in the default folder cms_db\certificates in the root location of the vSEC:CMS installation folder on the server. The name of the database file is pkcs12_example1.db. It is also possible to configure location of the database file depending on where it is located as in samples below:

<e file="..\pkcs12_example2.db"/>
<e file="c:\mypkcs12databsefile\pkcs12_example3.db"/>

3. The database file will contain the information for the PKCS12 files that are to be imported. An example file is provided below:

<?xml version="1.0" encoding="UTF-8"?>
<e id="CN=John Doe,CN=Users,DC=example,DC=com">
<v name="Verification" file="johndoe_verification_cert.p12"/>
<v name="Encryption" file="c:\mypkcs12files\johndoe_enc_cert.p12"/>

4. The <data> tag provides the details for the user DN as expected by the vSEC:CMS and the template name, Verification and Encryption in this example. The template name is the name of the certificate template(s) as configured on the CA. For example, for an Entrust CA these template names will be seen from the Enroll Certificate Options section of the card template used. The names as configured here are case sensitive. The location of the PKCS12 files to be used is configured here also. The base location for the PKCS12 files is the location where the database file resides.