Configuring ActivID Credential Management System for Key Recovery

Before configuring ActivID CMS for key recovery, you must first configure an escrow-compatible CA in ActivID CMS. (The Certificate Authority (CA) issues and manages security credentials and public keys for message encryption in a network environment.) In addition, there must be at least one certificate template created within the escrow-compatible CA to escrow the private key associated with the certificate.

  1. Under Certificate Authorities, in the Name column, locate the CA you want to configure for key recovery.

  2. In the Action column, click Update. The Certificate Authority Update page appears.

    The following example illustrates the update of a connection to a Microsoft CA.

  3. Recovery support option—Select Software.

  4. Recovery Agent certificates in PFX files field—Enter the path to the Recovery Agent file (located on the ActivID CMS server). This file contains a certificate (specific to the Microsoft CA) and key pair needed for ActivID CMS to request the recovered credentials. As with all .pfx files, this file is protected by a password.

    Important: You can list several recovery agents in a comma-separated list. If you use several agents, all .pfx files MUST use the same password.

  5. Recovery Agent certificates password field—Enter the password that protects the Recovery Agent .pfx file(s).

  6. Click Test to check your updated connection.

  7. Click Update.
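
Steps 4 and 5 require every listed Recovery Agent .pfx file to open with one shared password. The following PowerShell pre-flight check is an added example, not part of ActivID CMS or of the original page; it assumes PowerShell 5.1 with .NET Framework 4.7.2 or later on the ActivID CMS server, and the script name and paths in the usage note are hypothetical.

```powershell
# Added example: pre-flight check for the Recovery Agent .pfx list (not an ActivID CMS tool).
# $PfxList is the same comma-separated string you plan to enter in the CMS field.
param(
    [Parameter(Mandatory)] [string] $PfxList,
    [Parameter(Mandatory)] [securestring] $Password   # the single password shared by every .pfx
)

# EphemeralKeySet keeps the private key in memory only, so nothing is written to a key store.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet

$paths = $PfxList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($path in $paths) {
    $row = [ordered]@{ Path = $path; Opens = $false; HasPrivateKey = $false; NotAfter = $null; Problem = $null }

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $row.Problem = 'file not found'
    } else {
        try {
            $full = (Resolve-Path -LiteralPath $path).ProviderPath
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $Password, $flags)
            $row.Opens         = $true
            $row.HasPrivateKey = $cert.HasPrivateKey
            $row.NotAfter      = $cert.NotAfter

            # A recovery agent file without its key pair, or with an expired certificate, is flagged.
            if (-not $cert.HasPrivateKey)          { $row.Problem = 'no private key in file' }
            elseif ($cert.NotAfter -lt (Get-Date)) { $row.Problem = 'certificate expired' }
            $cert.Dispose()
        } catch {
            # Typically a wrong password for this file or a damaged .pfx.
            $row.Problem = "cannot open: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize

# Non-zero exit code if any file failed, so the check can gate a change procedure.
if ($results | Where-Object Problem) { exit 1 }
```

Saved as, for example, `Test-RecoveryAgentPfx.ps1`, it can be run with `-PfxList 'C:\path\agent1.pfx,C:\path\agent2.pfx' -Password (Read-Host -AsSecureString)` so the password never appears on the command line or in shell history.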