Creating the Device Policy for IdenTrust Certificates

This section illustrates how to create a device policy that issues IdenTrust certificates onto the user’s smart card. For more information about creating a device policy, refer to Creating a Device Policy.

To create a device policy, perform the following tasks:

  1. Log on to the ActivID CMS Operator Portal with an ActivID CMS Administrator certificate.

  2. Click the Configuration tab, and then click Policies.

  3. Depending upon the PKI applications to be used, add a new device policy.

  4. Click Next, and then add the corresponding PKI applications.

  5. Click the Configure button associated with the PKI application to display the Device Policy - Set Application Information page.

  6. In the Friendly Name field, enter a valid, descriptive name for the certificate used for the device policy.

  7. In the Provider drop-down menu, select IdenTrust Certificate Authority.

  8. In the Certificate Authority drop-down menu, select a Certificate Authority host name.

  9. Depending on the Provisioning Method selected, the fields vary. Perform the appropriate tasks based on your selection.

    • Provisioning Method set to Create Credential

      Note: Selecting the Create Credential option is the equivalent of setting the former Recover Application option (available in previous ActivID CMS versions) to No.

      1. For Template, select the template corresponding to the PKI application (for example, one of the four available PIV (Personal Identity Verification, the technical standard of "HSPD-12") templates).

      2. Click Submit.

      1. In the Certificate Type field, enter the certificate type corresponding to the template to be issued (see Prerequisites).

      2. In the Account Type field, enter the account type (see Prerequisites).

      3. In the Company ID field, enter the customer account ID (see Prerequisites).

      4. Verify that the required fields contain appropriate information.

      5. Click Set.

    • Provisioning Method set to Recover Credential

      Note:
      • Selecting the Recover Credential option is the equivalent of setting the former Recover Application option (available in previous ActivID CMS versions) to Yes.

      • If you select Recover Credential for the Provisioning Method, the Recovery Mode options become available.

      1. Select ActivID CMS Managed.

      2. Make sure that the Recovery Settings and Revocation Settings correspond with your policy.

      3. Click Submit.

  10. Click Save.