
This guidance is an extract from the document “Installation Guide – Microsoft Windows 2008 Server – CA, AD and CRL”, chapter 7.1.

Here we define the certificate templates used in the production of smart cards in the Buypass LRA. If the CA, AD and CRL are already installed and all you still need is to modify the templates in order to get started with Buypass LRA, this document will be enough. It describes how to add new templates before production startup.


Buypass Certificate Templates in Microsoft CA

Not all the templates should be based on the 2008 templates. This is because the Buypass CSP used for smart card logon does not currently support the new crypto algorithms of the 2008 templates.

Also make sure that the minimum "key size" is 1024, but 2048 for client templates. Buypass smart cards do not currently support a "key size" greater than 1024.

A number of templates are defined for certificates and Enrollment Agents.

| Certificate Template Name | Description |
| --- | --- |
| Buypass SmartCard Logon | Certificate issued to the smartcard for logon |
| Buypass SmartCard Enrollment Agent | Certificate issued to LRA ADM and LRA Operators so they will be able to issue logon certificates to regular users |
| Buypass Temporary SmartCard Logon | Certificate issued to the smartcard for temporary logon |

 

Certificates with validity more than 2 years

 

By default, Microsoft limits the validity period of all certificates to a maximum of 2 years. This must be raised to a maximum of 3 years, since the user certificates will last that long.

You modify the profiles by running the commands:

certutil -setreg ca\ValidityPeriodUnits 3
net stop certsvc
net start certsvc

The certutil command prints the old value and then sets the new value.
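
The same change as a checked procedure, as an added example that is not part of the original guide: it reads the current values first, refuses to touch the units if the period is not expressed in years, and confirms the result after the restart. It assumes an elevated PowerShell prompt on the CA server and the standard CertSvc registry location; the variable names are illustrative.

```powershell
# Added example: audit and, if needed, raise the CA-wide validity cap to 3 years.
$required = 3   # years, the value this guide asks for
$cfgRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# The 'Active' value names the CA that certutil's "ca\" prefix addresses.
$caName = (Get-ItemProperty -LiteralPath $cfgRoot).Active
if (-not $caName) { throw "No active CA found under $cfgRoot" }
$caKey = Join-Path $cfgRoot $caName

$before = Get-ItemProperty -LiteralPath $caKey
"CA: $caName"
"Before: ValidityPeriod=$($before.ValidityPeriod) ValidityPeriodUnits=$($before.ValidityPeriodUnits)"

# ValidityPeriodUnits only counts years when ValidityPeriod is 'Years'.
if ($before.ValidityPeriod -ne 'Years') {
    throw "ValidityPeriod is '$($before.ValidityPeriod)', not 'Years'; review before changing the units."
}

if ($before.ValidityPeriodUnits -ge $required) {
    "ValidityPeriodUnits already allows $required years; nothing changed."
} else {
    certutil -setreg ca\ValidityPeriodUnits $required
    if ($LASTEXITCODE -ne 0) { throw "certutil -setreg failed with exit code $LASTEXITCODE" }

    # The CA service picks up the new value when it starts.
    net stop certsvc
    net start certsvc

    $after = Get-ItemProperty -LiteralPath $caKey
    "After: ValidityPeriod=$($after.ValidityPeriod) ValidityPeriodUnits=$($after.ValidityPeriodUnits)"
    if ($after.ValidityPeriodUnits -ne $required) {
        throw "ValidityPeriodUnits is still $($after.ValidityPeriodUnits); the change was not applied."
    }
}
```

The CA issues each certificate with the shortest of the template's validity period, this registry limit and the remaining lifetime of the CA certificate, so the templates must also be set to allow 3 years.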
