Adding the Microsoft CA
Make sure that you meet the prerequisites, and then perform the following steps in this section.
- Log on to the Operator Portal, and go to the Repositories Management page.
- Click Add Certificate Authority.
- In the Provider drop-down list, select Microsoft Certificate Server 2008/2012.
- In the Template drop-down list, select the appropriate template.
- Click Submit to display the Certificate Authority Creation page again.
  - Name—Enter a valid, unique name for the CA within ActivID CMS.
  - Active Directory and Certificate Authority are informative and can't be updated.
  - Recovery support—Select Software, Hardware, or No from the list.
    - If you select No, then certificate recovery will not be supported.
    - If you select Software, then enter the .pfx file path for each recovery agent. You can list several agents in a comma-separated list.
      Enter the password in the Recovery Agent certificates password text box.
      Note: If you use several agents, all .pfx files MUST use the same password.
    - If you select Hardware, then enter the recovery agent HSM key labels using comma separators. (A Hardware Security Module (HSM) securely stores secret key material. HSMs are similar to large-storage, multisession smart cards. However, unlike smart cards, they are used mainly on the server side of a system.)
      Enter the recovery agent's public certificates (.cer files) using comma separators.
  - Optionally, you can specify the revocation reason that is sent to the CA when one of the following operations is performed:
    - Device is Terminated
    - Device is Lost
    - Device is Stolen
    - Device is Damaged
    - Device is Expired
    - Device is Re-issued
    - Device Applications are Updated
  - The possible revocation reasons are:
    - Unspecified
    - Affiliation Changed
    - CA Compromise
    - Certificate Hold
    - Cessation of Operation
    - Key Compromise
    - Superseded
- Click Test. The connectivity check results are displayed in the Test Report box.
- Click Create. A confirmation page is displayed. For more information, refer to Configuring a PKI Application Using a Microsoft CA.
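The Software recovery option above requires every recovery agent .pfx file to open with one shared password. The following PowerShell pre-flight check is an added example, not part of ActivID CMS or the original page; the function name `Test-RecoveryAgentPfx` and the file paths in the usage comment are hypothetical, and the Key Recovery Agent EKU column assumes the agents were issued from Microsoft's Key Recovery Agent template.

```powershell
# Added example: verify the comma-separated .pfx list before typing it into the form.
# Test-RecoveryAgentPfx is a hypothetical helper, not an ActivID CMS command.
function Test-RecoveryAgentPfx {
    param(
        [Parameter(Mandatory)] [string]       $PfxList,   # comma-separated, as entered in the form
        [Parameter(Mandatory)] [securestring] $Password   # the single shared password
    )
    $kraOid = '1.3.6.1.4.1.311.21.6'   # Microsoft "Key Recovery Agent" EKU (assumed requirement)
    $paths  = $PfxList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($path in $paths) {
        $r = [ordered]@{ Path = $path; Opens = $false; HasPrivateKey = $false
                         KraEku = $false; NotAfter = $null; Problem = $null }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $r.Problem = 'file not found'
        } else {
            try {
                # Resolve to a full path: .NET does not follow the PowerShell location.
                $full = (Resolve-Path -LiteralPath $path).ProviderPath
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password)
                $r.Opens         = $true
                $r.HasPrivateKey = $cert.HasPrivateKey
                $r.NotAfter      = $cert.NotAfter
                $eku = $cert.Extensions | Where-Object {
                    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
                $r.KraEku = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $kraOid })

                if (-not $cert.HasPrivateKey)          { $r.Problem = 'no private key in file' }
                elseif ($cert.NotAfter -lt (Get-Date)) { $r.Problem = 'certificate expired' }
                $cert.Dispose()
            } catch {
                # A wrong password and a corrupt file both surface here.
                $r.Problem = "cannot open with the shared password: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$r
    }
}

# Usage (paths are placeholders):
#   $pw = Read-Host -AsSecureString 'Recovery agent password'
#   Test-RecoveryAgentPfx -PfxList 'C:\kra\agent1.pfx, C:\kra\agent2.pfx' -Password $pw |
#       Format-Table -AutoSize
```

Any row with a non-empty `Problem` value should be resolved before the list is submitted; a file that fails to open while the others succeed usually means it was exported with a different password.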