Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Changes TLS to root CA in section Create CM .zip file

This instruction describes how to connect to Smart ID Certificate Manager from Smart ID Identity Manager




The following prerequisites apply:

  • Smart ID Certificate Manager (CM) is already installed and ready to use: Bootstrap is done, System CA and Production CA Hierarchies are signed, token procedures are configured.
  • Identity Manager needs a CM Officer certificate with permission to issue and manage the certificates.
  • For CM 7.x: The current rootfile of the Nexus CM is available.
  • For CM 8.x:

Step-by-step instruction

Example for CM 7.x:

Download this file and store it in a new folder (that you will later create the .zip file from):

securityOfficer=<Officer name> p12path=CM_Prime_Officer


p12 rootfile=<Rootfile> pinfile=pinEnc.cer

For CM 8.x

  • Open the .properties file for editing and enter your values: 

  • Expand
    titleCreate CM .zip file

    To create a CM connection .zip file:

    1. Create a file.

      For CM 7.x

    Code Block
    Code Block
    Code Block
    titleExample for CM 8.x:
    <CM IdM Officer name>

  • Create a .zip file, with the following content:

    2. For CM 7.x:

      1. rootfile

        This is the CM client truststore, which is created or updated by CM clients such as Administrator's Workbench when you connect to a new CM instance for the first time and accept its server certificate. The rootfile can be found in the following path on the CM client machine:

        Code Block
        titleExample: rootfile path

    3. For CM 8.x:
      1. TLS Root CA certificate file

        This is


        the root CA of the CM server TLS certificate. It can be obtained from the client


        trust store folder, which is created

        or updated

        and maintained by CM

        clients Administrator

        clients, that is, Administrator's Workbench, when you connect to a


        CM instance for the first time

        and accept its server certificate. The TLS certificate file can

        . The root CA certificate file can be found in the following path:


        Code Block
        titleExample: TLS Root CA certificate file path

      2. Place the TLS root CA certificate file into the folder "roots" within the zip file.
    4. .p12 CM officer file
    5. X509 PIN certificate

  • Expand
    titleCreate a Certificate Authority in Identity Manager Admin

    To add CM in Identity Manager Admin:

    1. Log in to Identity Manager Admin.
    2. Go to Home > Certificate Authorities (CA).
    3. In the General tab, add a new CA with the following details:
      1. In Connection Type, select Certificate Manager.
      2. Set CA Host to the CM server hostname.
      3. Click Upload. Browse to the .zip file you have created, and upload it.
      4. In Signing password, enter the password to the .p12 officer file.
      5. Click Create.

    titleImport certificate types

    Each PKI provides predefined certificate types. In CM, they are called Token Procedures.

    To import the certificate types

    1. Go to the Details tab.
      1. Click  to display the certificate types in CM.
      2. Click Apply to import the certificate types.
        The imported certificate types are now listed in Certificate Types.

    When you create a certificate template in Identity Manager Admin, then the imported certificate types are available to choose from.

    titleTest the connection

    To test the connection:

    1. Click Testing, and then Test Connection.


      The certificate types need to be downloaded, otherwise the test light of Revocation reasons will still be red.

      1. When the test button shows two green lights, save your configuration, by clicking Save.