Typically, a user certificate(s) would be issued to the credential during the issuance process, but if the operator is in possession of the credential it is possible to view, import, delete, set default certificate and issue/reissue a user certificate to the credential if the vSEC:CMS is configured and connected to a CA.
To access the certificate(s) on the managed credential browse to Actions - Certificate(s)/Keys and from the Certificates for the credential inserted in the drop down box select the reader that the user credential is inserted in.
It is possible to:
- View the certificate(s) on the credential;
- Set the default certificate if more than one certificate resides on the credential (the rosette symbol beside the certificate will be light blue to indicate which certificate is default);
- Recover a certificate if key archival/recovery was configured;
- Import a certificate from file in pkcs#12/pfx format;
- Delete a certificate;
- If the vSEC:CMS is connected to a CA it is possible to issue a user certificate to the credential. From the drop down list select from the available certificate(s) templates and click Issue;
- Enable the option Import Root/SubCA certificate(s) to smart card if it is required to write the Root and SubCAs to the credential during the issue of the certificate from the CA. You will need to have completed the guide Configure Root and Sub CA Import in order to be able to perform this;
- For credentials issued with multiple PIN support all of the options available above will be available with an additional PIN button. Click the PIN button if it is required to change the PIN type set for the certificate key container. For example, if the PIN type is set to Primary smart card PIN and if it is required to change the PIN type to Digital Signature select this option and click OK.