Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

This instruction describes how to connect to Smart ID Certificate Manager from Smart ID Identity Manager

Expand/Collapse All


The following prerequisites apply:

  • Smart ID Certificate Manager (CM) is already installed and ready to use: Bootstrap is done, System CA and Production CA Hierarchies are signed, token procedures are configured.
  • Identity Manager needs a CM Officer certificate with permission to issue and manage the certificates.
  • For CM 7.x: The current rootfile of the Nexus CM is available.
  • For CM 8.x:

Step-by-step instruction

To create a CM connection .zip file:

  1. Download this file and store it in a new folder (that you will later create the .zip file from):

  2. Open the .properties file for editing and enter your values: 

    Example for CM 8.x:
    securityOfficer=<CM IdM Officer name>
  3. Create a .zip file, with the following content:

    2. For CM 7.x:

      1. rootfile

        This is the CM client truststore, which is created or updated by CM clients such as Administrator's Workbench when you connect to a new CM instance for the first time and accept its server certificate. The rootfile can be found in the following path on the CM client machine:

        Example: rootfile path
    3. For CM 8.x:
      1. Root CA certificate file

        This is the root CA of the CM server TLS certificate. It can be obtained from the client trust store folder, which is created and maintained by CM clients, that is, Administrator's Workbench, when you connect to a CM instance for the first time. The root CA certificate file can be found in the following path:

        Example: Root CA certificate file path
      2. Place the root CA certificate file into the folder "roots" within the zip file.
    4. .p12 CM officer file
    5. X509 PIN certificate

To add CM in Identity Manager Admin:

  1. Log in to Identity Manager Admin.
  2. Go to Home > Certificate Authorities (CA).
  3. Click New and enter a name for the CA.
  4. Click Save + Edit.
  5. In the General tab, add the following details:
    1. In Connection Type, select Certificate Manager.
    2. Set CA Host to the CM server hostname.
    3. Click Upload. Browse to the .zip file you have created, and upload it.
    4. In Signing password, enter the password to the .p12 officer file.
    5. Click Save.

Each PKI provides predefined certificate types. In CM, they are called Token Procedures.

To import the certificate types

  1. Go to the Details tab.
    1. Click  to display the certificate types in CM.
    2. Click Apply to import the certificate types.
      The imported certificate types are now listed in Certificate Types.

When you create a certificate template in Identity Manager Admin, then the imported certificate types are available to choose from.

To test the connection:

  1. Click Testing, and then Test Connection.

    The certificate types need to be downloaded, otherwise the test light of Revocation reasons will still be red.

    1. When the test button shows two green lights, save your configuration, by clicking Save.