Configuring the Enrollment Agent Account

To issue certificates from a Microsoft CA using the Use the Variable Menu to Type the Product Name option, you must issue Enrollment Agent certificates to the Apache Tomcat service account or to the local machine administrator account.

These credentials are used by Use the Variable Menu to Type the Product Name feature to sign certificate requests. For more information, refer to the section Installing ActivID CMS. For information about issuing certificates with a Microsoft CA, go to: http://support.microsoft.com/

1. Connect to Microsoft Certificate Services (https://<hostname>/certsrv/). You will be asked for a user name and password if you are not already logged on to the CA server domain. This displays the Microsoft Certificate Services Welcome page.

   

2. Click Request a certificate.

   

3. Click Advanced certificate request.

   

4. Click Create and submit a request to this CA to display the Advanced Certificate Request page again.

   

5. In the Certificate Template drop-down list, select Enrollment Agent.

6. In the Key Size text box, enter the appropriate size or click the appropriate size in the common key sizes adjacent to the text box.

   Select the option, Automatic key container name (as illustrated on this page).

7. Enter a name in the Friendly Name text box, and then click Submit.

8. When you receive the Enrollment Agent certificate, import the certificate on your personal computer certificate store (make sure you use the personal computer store instead of the user personal store).