To connect Smart ID Identity Manager to Active Directory Certificate Services (ADCS), you set up one component, the ADCS connector, and configure another, Identity Manager, with a CA Proxy configuration. This article describes how to configure both components.
For more information about the components, see About the Identity Manager ADCS integration.
Set up the ADCS connector
The ADCS connector is needed for Identity Manager to issue certificates from an ADCS.
The following prerequisites apply for the ADCS connector:
The version number of the connector is shown as the file version and product version of MSCAConnector.dll. It is not necessarily in sync with the Identity Manager build version.
The version described here is 22.214.171.124 (for PRIME 3.9). It is backwards-compatible with 3.8 and 3.7, hence older versions should not be used in most cases.
For installing versions older than 126.96.36.199, please refer to the archived version of this document: 3.8 - Integrate PRIME with Microsoft ADCS.
A service account needs to be created in ADCS, for example
Do the following:
Open the ADCS connector SSL/TLS port on the Identity Manager server:
The following items can optionally be configured in the <
To configure the IIS:
To test the ADCS connector:
Supported DN attributes
ADCS might ignore certain DN attributes contained in a certificate request, causing them to be missing from the issued certificate.
For example, ADCS in Windows Server 2016 supports only the following set of attributes:
Set up the ADCS CA connector in Identity Manager
To configure the PKI web service interface used for the chip encoding module:
Each PKI provides predefined certificate types. In Microsoft ADCS, they are called Certificate Templates.
To import the certificate types: