Managing Digital Certificates in a PIV Configuration

Digital PKI certificates can be used to provide authentication for many digitally secured operations.

For example, an Authentication certificate can be used to securely authenticate the identity of a user to a system, while a Digital Signature certificate can be used to digitally sign an email message or secure document.

Key Management certificates protect encrypted objects, such as digital files or emails, with a PIN value, where Key History slots store certificates that, while out of date, are still useful for decrypting older data they were previously used to encrypt.

The Crescendo Management Tool can be used to generate, load, or import PIV (Personal Identity Verification [FIPS 201])-type digital PKI certificates into specialized application slots in both Crescendo Cards and Keys.

Note:  Throughout this documentation, example digital PKI certificate operations are configured using only the Authentication certificate type. The other certificate types are configured in the same way and differ only in the specific slot they occupy on the device, and how a host device uses them for their designated purpose.

The following sections explains how to manage PKI certificates on your Crescendo device: