Rules for Key Recovery
ActivID CMS enables the escrow and recovery of PKI credentials. ActivID CMS can recover credentials when a device is declared lost, stolen, damaged or forgotten, as well as when a device is updated or re-issued.
This feature is often used with encryption certificates. It is not recommended that you escrow non-repudiation certificates. Key escrow is not managed by ActivID CMS, but by an escrow-compatible CA. (The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a network environment.) To enable key escrow and recovery functionality, you must:
- Configure at least one escrow-compatible CA with ActivID CMS.
- Create at least one certificate template within the escrow-compatible CA, which escrows the private key associated with the certificate.
- Update the CA within ActivID CMS to support recovery (detailed in the next section).