Import PKI Certificates

Note: It is recommended that you import PKI certificates when registering the user for PKI authentication.

For further information about PKI authentication, see PKI Devices with Certificates and Managing PKI Authentication.

  1. Log on to the ActivID Management Console as a Device Manager.

  2. Select the Help Desk tab and, under Devices, select Import Device.

  3. Click Browse to locate the .cer file to be imported.

  4. Select the file, and then click Open.

  5. If not automatically selected, from the Import Adapter drop-down list, select 4TRESS – PKI Device Import Adapter and click Next.

  6. From the Device Type drop-down list, select PKI Container on Server.

  7. From the Credential Profile (the Credential Type) drop-down list:

    • For direct authentication, select PKI Challenge Response v1.
    • As direct authentication requires that the calling system perform a PKI-based challenge/response transaction with ActivID Appliance, a private key and certificate are required on the calling system. For more information on the API level required, refer to the ActivID Appliance API Integration Guideavailable from the ActivID Customer Portal.

      In order to allow a calling system to be authenticated with direct PKI authentication, the certificate associated with the private key (which remains securely on the calling system) must be imported and assigned to the user.

    • For indirect authentication, select PKI Certificate Check v1.
  8. Optionally, enter a Serial Number.

    The Serial Number can be used if you want to override the serial number of the certificate you are importing with another serial number. For example:

    • For a device-based PKI credential, you could enter the smart card serial number.
    • For a browser-based PKI credential, you could enter the unique serial number of the private key (.pfx or .p12).
  9. Optionally, enter a positive integer as an Issue Number to identify the user's credential.
  10. Note: The number is not checked during authentication. It is only used as part of your device identification scheme.
  11. Select the required Status from the drop-down list.

  12. Click Import.

    Important: Make a note of the serial number as you will need it when registering the user for PKI authentication.
  13. Assign the imported PKI credential to the user.