Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

(lightbulb) This information is written in English only

 

Column
width62%

This guidance describes the certificate templates used in production of smartcards in Buypass Access Manager - the LRA client. If the CA, AD and CRL already are installed, and the only extra you need is to modify the templates in order to get started with LRA, this document will be enough.

This document defines how to add new templates before production startup.


Buypass Certificate Templates in Microsoft CA

Not all the templates should be based on the 2008 templates. This is because Buypass p.t. do not have support for the 2008 templates new crypto algorithms in our CSP used for smart card logon.

Also make sure that minimum "key size" is1024, but 2048 for client templates. Buypass smart cards do not support "key size" greater than 1024 p.t.


Buypass Access Manager – the LRA client needs a number of templates:

Certificate Template NameDescription

Buypass SmartCard Logon

Certificate issued to the smart card for logon

Buypass Temporary SmartCard Logon

Certificate issued   to the smart card for temporary logon

Buypass SmartCard Enrollment Agent

Certificate issued to   LRA ADM and LRA Operators so they will be able to issue logon   certificates to regular users

Too define each of the templates follow the links above in the table or the links to the right in Connected pages.

 

Certificates with validity more than 2 years

Microsoft has set a default validity period for all certificates to a maximum of 2 years. This must be adjusted to maximum 3 years since the user certificates will last that long.

You modify the profiles by running the commands:

certutil-setreg ca\ValidityPeriodUnits 3
net stop certsvc
net start certsvc

The command will tell you the old value and then change to the new value.

Image Added 

 

Next >>

Column
width2%

Column
width26%
Div
classright-navigation
Div
classright-navigation

 

Content Dette er en "Macro" som generes automatisk. Den viser denne sidens parents undersider og disses tilhørene undersider. 

Page Tree
root@self
startDepth2

Include Page
INCLIB:_right_navigation_style
INCLIB:_right_navigation_style

Column
width10%

Section
Column
width62%

Include Page
INCLIB:_bottom_bar
INCLIB:_bottom_bar

Column
width2%

Column
width26%

 

Column
width10%

Include Page
INCLIB:_navigation_buttons_style
INCLIB:_navigation_buttons_style
Include Page
INCLIB:doc_center_style
INCLIB:doc_center_style
 
Include Page
INCLIB:_template_style
INCLIB:_template_style
 

 

 

(lightbulb) 

Div
classright-navigation

Content 

Page Tree
root@self
startDepth2

Include Page
INCLIB:_right_navigation_style
INCLIB:_right_navigation_style

Column
width62%

This guidance describes the certificate templates used in production of smartcards in Buypass Access Manager - the LRA client. If the CA, AD and CRL already are installed, and the only extra you need is to modify the templates in order to get started with LRA, this document will be enough.

This document defines how to add new templates before production startup.


Buypass Certificate Templates in Microsoft CA

Not all the templates should be based on the 2008 templates. This is because Buypass p.t. do not have support for the 2008 templates new crypto algorithms in our CSP used for smart card logon.

Also make sure that minimum "key size" is1024, but 2048 for client templates. Buypass smart cards do not support "key size" greater than 1024 p.t.


Buypass Access Manager – the LRA client needs a number of templates:

Certificate Template NameDescription

Buypass SmartCard Logon

Certificate issued to the smart card for logon

Buypass Temporary SmartCard Logon

Certificate issued   to the smart card for temporary logon

Buypass SmartCard Enrollment Agent

Certificate issued to   LRA ADM and LRA Operators so they will be able to issue logon   certificates to regular users

Too define each of the templates follow the links above in the table or the links to the right in Connected pages.

 

Certificates with validity more than 2 years

Microsoft has set a default validity period for all certificates to a maximum of 2 years. This must be adjusted to maximum 3 years since the user certificates will last that long.

You modify the profiles by running the commands:

certutil-setreg ca\ValidityPeriodUnits 3
net stop certsvc
net start certsvc

The command will tell you the old value and then change to the new value.

 

 

Next >>

Column
width2%

Column
width26%
Div
classright-navigation
Div
classright-navigation

On this page

Table of Contents

 

Connected pages  

Page Tree
root@self
startDepth2

Include Page
INCLIB:_right_navigation_style
INCLIB:_right_navigation_style

Column
width10%

Section
Column
width62%

Include Page
INCLIB:_bottom_bar
INCLIB:_bottom_bar

Column
width2%

Column
width26%

 

Column
width10%

Include Page
INCLIB:_navigation_buttons_style
INCLIB:_navigation_buttons_style
Include Page
INCLIB:doc_center_style
INCLIB:doc_center_style
 
Include Page
INCLIB:_template_style
INCLIB:_template_style