Creating the Device Policy for Keyfactor EJBCA Certificates

This section illustrates how to create a device policy that issues Keyfactor EJBCA certificates onto the user’s device. For more information about creating a device policy, refer to Creating a Device Policy.

To create a device policy, perform the following tasks:

  1. Log on to the ActivID CMS Operator Portal with an ActivID CMS Administrator certificate.

  2. Click the Configuration tab, and then click Policies.

  3. Depending upon the PKI applications to be used, add a new device policy.

  4. Click Next, and then add the corresponding PKI applications.

  5. Click the Configure button associated with the PKI application to display the Device Policy - Set Application Information page.

  6. In the Friendly Name field, enter a valid, descriptive name for the certificate used for the device policy.

  7. Leave the Provisioning Method set to Create Credential.

    Important: In ActivID CMS 6.3, certificate escrow and recovery are not supported. As a result, you must not set the Provisioning Method to Recover Credential.

  8. In the Provider drop-down menu, select Keyfactor EJBCA.

  9. In the Certificate Authority drop-down menu, select a Certificate Authority host name.

  10. For Template, select the template corresponding to the PKI application, for example one of the four available PIV templates (Personal Identity Verification, the technical standard of HSPD-12).

    Note: The End-Entity profile / Certificate profile pair (separated by a colon) is used as a full template name (see End Entity and Certificate Profiles for details).

  11. Click Submit.

  12. Verify that the required fields contain appropriate information.

  13. Click Set.