Introduction
This article describes how to configure the vSEC:CMS so that a credential template can be used to issue certificate(s) only, for credentials whose administration keys are not managed by vSEC:CMS. This means that the vSEC:CMS will not manage, know or have access to the credential administration PIN.
The PKI used here will be a Microsoft Certificate Authority (CA). If another CA is to be used, please refer to the Administration guide for details on configuring a connection to such a CA.
At a minimum, you must have already successfully completed the configuration steps described in the article Setup Evaluation Version of vSEC:CMS. The instructions in this document are applicable regardless of whether you are running the evaluation version or a production version.
The appropriate credential drivers (minidriver) must be installed on your host. Please check with the credential provider that you have the correct credential drivers installed.
Configure Smart Card Access
Typically the smart card access is already set to the correct type, but for completeness it is covered in this article.
From Options - Smart Card Access, attach an IDPrime MD credential that you will manage with the vSEC:CMS. The vSEC:CMS will filter the card type and present the entry in the table. There are several different types of IDPrime MD credentials, so the entry that is filtered will depend on the credential type. For example, if you are managing an IDPrime MD 830 credential, the entry shown will be for that credential type.
Click the Edit button and, for Smart Card Access, make sure that Use minidriver if possible is selected. Click Save to save and close.
Credential Configuration
1. From Templates - Card Templates, click the Add button.
2. Click the Edit link for General.
3. Enter a template name, attach the credential that is to be issued, and click the Detect button to allow the vSEC:CMS to detect the credential type that is to be used for this credential template. Click Ok to close the dialog.
4. Leave all other settings in the General dialog at their defaults and click Ok to save the settings and close this dialog.
5. Click the Edit link for Issue Card.
6. From the User ID Options section, enable Assign User ID and select the AD connection already configured.
7. From the Enroll Certificate Options section, enable Enroll certificate(s) and click the Add button. Select the CA connection already configured from the Certificate Authority drop-down list, select the certificate to be issued from the Certificate template list, and click Ok to save and close the dialog.
8. Leave all other settings in the Issue Card dialog at their defaults and click Ok to save and close.
9. Click Ok to save and close the credential template configuration.
Configure Settings
1. From Options - Settings, select Enable card template based actions and enable Allow actions on unregistered cards.
2. Click the Configure button. From the available credential templates, select the template that you wish to use, add it to the Selected list, and click Ok.
Issue Certificate
1. From Actions - Certificate(s)/keys, attach a credential that you wish to be issued with a certificate. From the drop-down list, select the credential template configured in the Credential Configuration section above and click Issue.
2. Enter the operator PIN (Passcode) when prompted.
3. Enter the credential PIN code when prompted.
4. Select the AD user that the credential and certificate will be assigned to.
5. When complete, a short summary dialog will appear.
6. The certificate issuance is now complete. The certificate(s) will now be viewable from the Certificate(s)/keys dialog.