Configuring Automatic Certificate Renewal and Card Automatic Update
This section describes the installation and configuration of an ActivID CMS server-based solution to meet the stated requirements for creating an automatic process that performs the following tasks:
-
Identification of certificates about to expire.
-
Generation of device update requests (both applications update and re-issuance) for any devices affected.
This server-based solution assumes one of two options: that the User Portal in ActivID CMS is available for users to manage their devices or that the ActivClient® Card Automatic Update feature is used (preferred).
This section also describes the ActivClient Card Automatic Update feature, as this feature complements the Automatic Certificate Renewal by making the process of performing the actual card update easier, and by improving security and Total Cost of Ownership by ensuring that a greater number of users run the card update (versus ignoring it or forgetting about it).
The ActivID CMS server-based solution is designed to configure automatic certificate renewal and card automatic updates using a set of batch programs. Batch programs are executed on a server. This server can be one of the servers where ActivID CMS is currently installed.
-
The first batch program deals with the renewal process and runs within the Microsoft® Task Scheduler (for Windows®). There is an option to run it manually if for some reason the Microsoft Task Scheduler fails.
-
The second batch program deals with the administrative task. This process also runs within the Microsoft Task Scheduler. There is also an option to run it manually, if for some reason the Microsoft Task Scheduler fails.
Both the renewal and administrative processes use the ActivID CMS database and an HTTPS connection to the ActivID CMS portal to perform their jobs. The renewal process uses the Card and Credential Management (CCM) API.
High-level Architecture with ActivID CMS
Topics in this section: