Updating the Mobile App Certificates
The end user has a PIV (Personal Identity Verification, the technical standard of "HSPD-12") device with 3 credentials (AUTH_1, SIGN_1, ENC_1) and a mobile device with only 1 authentication certificate (AUTH_2). The organization now wants to extend the capabilities provided on the mobile device by adding 1 new signature certificate and 1 encryption certificate (shared with the PIV device).
Initial state:
- The PIV device is active, as well as all its credentials.
- The mobile device is active, as well as its credential (1 authentication certificate).
Operations:
- Create an applications update request for the mobile app certificate (using the Help Desk). For details, see Requesting an Applications Update.
- Execute the applications update request on the mobile device (using the User Portal). For details, refer to the ActivID CMS User online documentation.
Result:
- The mobile device now has 3 certificates: 1 new signature certificate (SIGN_2) and 1 recovered encryption certificate (ENC_1, from the shared encryption credential of the PIV device), in addition to the existing authentication certificate.
| Operation | PIV Device | Mobile Device |
|---|---|---|
| 1. Initial state | AUTH_1, SIGN_1, ENC_1 | AUTH_2 |
| 2. Create applications update request for mobile app certificates (Help Desk) | AUTH_1, SIGN_1, ENC_1 | AUTH_2 |
| 3. Execute update request on mobile device (User Portal) | AUTH_1, SIGN_1, ENC_1 | AUTH_2, SIGN_2, ENC_1 |
Important: Since only one mobile app certificates device policy can be defined at a given time, you will need to unassign the old policy for previously issued mobile app certificates in order to perform an update. Make sure that the Initial Issuance assignment is selected for the target device policy.