Certificates

The Certificates view accessible from the left navigation pane enables you to access and manage the certificates and keys stored on a selected token.

Here, you can view both the free slots and the keys and certificates currently stored in them. The slots are displayed as individual tiles.

The Certificates view with bubbles indicating individual UI components described in this chapter.

Tip! See Actions Available From the Certificates View for more information about the accessible features.

Available Slots

Note: The available slots displayed in the Certificates view depend on your token type. Some of the listed slots may not be available for your specific token.
  1. PIV (Personal Identity Verification) Slots:

    • Authentication (Slot 9A): This slot is used for keys that authenticate the holder's identity, usually for system login.

    • Signature (Slot 9C): This slot holds keys used to digitally sign documents, files and communications.

    • Key Management (Slot 9D): This slot is for keys that provide encryption for confidentiality, such as decrypting emails.

    • Card Authentication (Slot 9E): This slot is used for keys that authenticate the device (not the user) to systems, typically via the contactless interface. By default, this slot does not protect keys with a PIN.

    • Free History Slot: In addition to the designated PIV slots, the device can hold additional keys in generic slots, which are mostly used for archiving key management (that is encryption) certificates.

  2. Non-PIV Slots:

    • Free General-Purpose Slot: Crescendo 4000 Cards provide the capability to add new general-purpose slots, with the only limitation being the memory available on the card. These slots provide flexibility for additional security functions that may not fall under standard PIV categories.

Note: From a Microsoft Windows perspective, the specific slots do not impact how the operating system interacts with the device, as Windows does not differentiate by slot type. However, PIV-compatible applications will recognize the designated purpose of each slot and use the cryptographic keys stored in them appropriately.

Validity

If a certificate has been generated or imported to your device, the tile displays the expiration date.

  • Yellow text "Expires soon" indicates that the certificate will expire within a month.

  • Red text "Expired" indicates that the key or certificate has already expired.

If one or more certificates expire within a month or have already expired, a yellow warning icon Warning icon image. is displayed on the Certificates navigation pane tab.

The Certificates navigation link with the yellow warning icon displayed.

More details about a certificate's validity can be viewed by clicking on the respective tile.

Actions Available From the Certificates View

Note: The actions available from the Certificates view depend on your token type. Some of the actions and options described may not be available for your specific token.

Generating Keys, Certificate Signing Requests, and Certificates

Viewing, Copying and Exporting Certificate/CSR/Key Details

To view more details about a key or certificate stored in a slot, click on the slot tile.

Importing Keys and Certificates

To import keys and certificates to your devices, you have several options to choose from:

Deleting Keys, Certificates, and Certificate Signing Requests

To delete a key, certificate, or a CSR, click the trash-bin icon image-20240514132857987 in the bottom-right corner of the slot tile in the Certificates view.

A slot tile with the trash bin icon highlighted.

A dialog will open, prompting you to confirm the deletion.

If the slot contains a certificate or a CSR, you can choose to keep the key and delete only the certificate/CSR by checking the checkbox:

The Deleting Slot content dialog with the Delete certificate only checkbox. The Deleting Slot content dialog with the Delete CSR only checkbox.