Configuring the Certificate Authority
This section describes how to configure the ActivID CMS Operator Portal for Symantec PKI.
For detailed instructions on creating directories and CAs in the ActivID CMS, refer to Procedures for Managing Directories and Procedures for Configuring Connections to Certificate Authorities.
- Log on to the ActivID CMS Operator Portal with an ActivID CMS Administrator certificate.
- Go to the Configuration tab, and then click Repositories.
- Click Add Certificate Authority.
- From the drop-down list, select Symantec MPKI 8.0 Authority.
- For Template, keep the default value (Symantec X509).
- Click Submit.
- Enter a Name for the Certificate Authority.
- Specify if the RA Credentials are stored in an HSM (instead of in a Keystore file).
  A Registration Authority (RA) is an authority in a network that verifies user requests for a digital certificate and instructs the CA to issue it. An RA is part of a PKI, a networked system that enables companies and users to exchange information safely and securely.
  A Hardware Security Module (HSM) securely stores secret key material. HSMs are similar to large-storage, multisession smart cards. However, unlike smart cards, they are used mainly on the server side of a system.
If you select No, the additional Keystore fields appear:
- Depending on your deployment (HSM or Keystore), enter the required values:

| Field | Description |
|---|---|
| Keystore containing the RA Certificate | Path of the KeyStore containing the RA certificates. For example, C:/Program Files/HID Global/Credential Management System/certificates/racert.jks (only for software Keystore). |
| RA Certificate Keystore password | Password for RA certificate KeyStore (only for software Keystore). |
| RA Certificate Alias | With a software KeyStore, this field is optional: if you have only one key in your KeyStore, you can leave this field blank. With an HSM, this field is mandatory: it must equal the RA Key Alias that was configured when setting the RA certificate in the HSM. |
| TrustStore | Path of the TrustStore containing the trusted root CA. The TrustStore contains 5 certificates. For example, C:/Program Files/HID Global/Credential Management System/certificates/cacerts.jks. |
| TrustStore password | Password for TrustStore. |
| Web services end point | Web services end point URL. For example, https://ptnr-pki-ws.bbtest.net. |
- Click Test to verify the CA configuration.
- Click Create to apply your changes.
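
A pre-flight check for the KeyStore and TrustStore values in the table above, as an added example that is not part of the ActivID CMS or Symantec documentation: it parses the text printed by the JDK's `keytool -list -keystore <path>` and applies the RA Certificate Alias rule and the five-certificate TrustStore count stated on this page. The function names and the sample listings are constructed for illustration.

```python
import re

# One entry line of `keytool -list` output: "<alias>, <date>, <entry type>,"
ENTRY = re.compile(
    r"^(?P<alias>.+?), .+, "
    r"(?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def parse_entries(listing):
    """Return [(alias, kind), ...] from `keytool -list` text output."""
    return [(m["alias"], m["kind"])
            for m in map(ENTRY.match, listing.splitlines()) if m]

def check_ra_keystore(listing, alias=""):
    """Apply the RA Certificate Alias rule for a software KeyStore."""
    keys = [a for a, k in parse_entries(listing) if k == "PrivateKeyEntry"]
    if not keys:
        return ["no private key entry found for the RA certificate"]
    if not alias:
        # A blank alias is only acceptable when the KeyStore holds one key.
        if len(keys) == 1:
            return []
        return [f"{len(keys)} keys present, alias must be set: {keys}"]
    # JKS aliases are case-insensitive, so compare in lower case.
    if alias.lower() not in (a.lower() for a in keys):
        return [f"alias {alias!r} not among key entries {keys}"]
    return []

def check_truststore(listing, expected=5):
    """The page states that the TrustStore contains 5 certificates."""
    certs = [a for a, k in parse_entries(listing) if k == "trustedCertEntry"]
    if len(certs) == expected:
        return []
    return [f"expected {expected} trusted certificates, found {len(certs)}"]

# Constructed sample listings (not taken from a real deployment).
SAMPLE_RA = """Keystore type: JKS
Your keystore contains 2 entries

ra-prod, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
ra-old, Mar 2, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
"""
SAMPLE_TRUST = "\n".join(
    f"root{i}, Jan 5, 2024, trustedCertEntry," for i in range(1, 6))

if __name__ == "__main__":
    print(check_ra_keystore(SAMPLE_RA), check_truststore(SAMPLE_TRUST))
```

An empty list from either function means the listing is consistent with the values the form expects; each string in a non-empty list names one mismatch to fix before clicking Test.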