This guidance describes the certificate templates used in production of smartcards in Buypass Access Manager - the LRA client. If the CA, AD and CRL already are installed, and the only extra you need is to modify the templates in order to get started with LRA, this document will be enough. This document defines how to add new templates before production startup.
Buypass Certificate Templates in Microsoft CANot all the templates should be based on the 2008 templates. This is because Buypass p.t. do not have support for the 2008 templates new crypto algorithms in our CSP used for smart card logon.
Also make sure that minimum "key size" is1024, but 2048 for client templates. Buypass smart cards do not support "key size" greater than 1024 p.t. Buypass Access Manager – the LRA client needs a number of templates:
Too define each of the templates follow the links above in the table or the links to the right in Connected pages. Certificates with validity more than 2 yearsMicrosoft has set a default validity period for all certificates to a maximum of 2 years. This must be adjusted to maximum 3 years since the user certificates will last that long. You modify the profiles by running the commands: certutil-setreg ca\ValidityPeriodUnits 3 net stop certsvc net start certsvc The command will tell you the old value and then change to the new value. Next >>
|