Configuring a PKI Application Using a Symantec/VeriSign MPKI v7 CA
-
Go to the Device Policy - Creation page.
-
In the Action column, next to PKI1, click Add, and then click Configure.
The Device Policy - Set Application Information page appears:
-
Friendly Name—Enter a name that easily identifies the type of application you have selected for the device policy.
-
Provisioning Method —Select Create Credential.
-
Provider drop-down list—Select Symantec MPKI 7.0 (Verisign) Authority.
-
Certificate Authority drop-down list—Select the Symantec/VeriSign® CA that issues the certificate for this application.
-
Template drop-down list—Select the template to use to issue the certificate. The template specifies how the PKI credentials can be used (for example, digital signature).
-
In the User Name Prefix and User Name Suffix fields, enter a prefix and suffix for the certificate (if applicable).
-
Revocation Settings — By default, the credentials are revoked for all the listed states of the device. You can clear the check box(es) to indicate any state(s) for which you do not want to revoke the credentials. For example, if you clear the Damaged check box, the credentials in a device in the Damaged state will not be revoked.
-
Click Submit.
The Configure PKI1 application page appears:
If you specified the Symantec policy file when you declared the Symantec CA in ActivID CMS, then the information in the previous illustration appears in the Enrollment Policy Attributes field. This lists the mandatory and optional parameters that must be provided to the Symantec CA in order to issue certificates.
-
In the Directory Attribute column, enter the name of the LDAP Lightweight Directory Access Protocol attribute that contains the value for each parameter defined in the policy file.
-
Next to the Challenge Phrase field, select the Random option if you want ActivID CMS to generate random challenge phrases before requesting the certificate.
-
Click Set.
