To connect Smart ID Identity Manager to Active Directory Certificate Services (ADCS), you need to set up one component, the ADCS Connector, and configure another, Identity Manager, with a CA Proxy configuration. This article describes how to configure both components.
For more information about the components, see About the Identity Manager ADCS integration.
The ADCS connector is needed for Identity Manager to issue certificates from an ADCS.
The following prerequisites apply for the ADCS connector:
The internal version number of the connector is shown as the file version and product version of MSCAConnector.dll.
Since Smart ID 21.04, the MSCAConnector is released in sync with Identity Manager builds, so you can always deploy a connector version that matches your Identity Manager. This was not the case previously.
A service account needs to be created in ADCS, for example
Do the following:
Open the ADCS connector SSL/TLS port on the Identity Manager server:
The following items can optionally be configured in the <
To configure the IIS:
To test the ADCS connector:
Supported DN attributes
ADCS might ignore certain DN attributes contained in a certificate request, causing them to be missing from the issued certificate.
For example, ADCS in Windows Server 2016 supports only the following set of attributes:
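One way to detect attributes that were dropped at issuance is to compare the subject DN of the certificate request with the subject DN of the issued certificate. The following is an added example, not part of the original article or of Identity Manager. The function names, the alias map and the sample DNs are assumptions constructed for illustration.

```python
from collections import Counter

# Spellings that different tools print for the same attribute type
# (assumption: extend this map for your own tooling).
ALIASES = {"S": "ST", "E": "EMAILADDRESS", "EMAIL": "EMAILADDRESS"}
HEX = "0123456789abcdefABCDEF"

def parse_dn(dn):
    """Parse an RFC 4514-style DN string into a list of (TYPE, value) pairs."""
    pairs, buf, i, quoted = [], bytearray(), 0, False

    def flush():
        typ, _, val = buf.decode("utf-8").partition("=")
        buf.clear()
        if typ.strip():
            typ = typ.strip().upper()
            pairs.append((ALIASES.get(typ, typ), val.strip()))

    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                buf.append(int(pair, 16))          # hex escape such as \2C
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")   # escaped literal such as \,
                i += 2
            continue
        if ch == '"':
            quoted = not quoted                    # separators inside quotes are literal
        elif ch in ",;+" and not quoted:
            flush()                                # end of one attribute
        else:
            buf += ch.encode("utf-8")
        i += 1
    flush()
    return pairs

def dropped_attributes(requested_dn, issued_dn):
    """Return (TYPE, value) pairs present in the request but absent from the issued subject."""
    missing = Counter(parse_dn(requested_dn)) - Counter(parse_dn(issued_dn))
    return sorted(missing.elements())

# Constructed sample values, not taken from a real CA; the dropped attribute is hypothetical.
REQUESTED = r'CN=Jane Doe,serialNumber=12345,OU=Staff,OU=Badge Office,O="Example, Inc.",S=Stockholm,C=SE'
ISSUED = r"CN=Jane Doe, OU=Staff, OU=Badge Office, O=Example\, Inc., ST=Stockholm, C=SE"

if __name__ == "__main__":
    for typ, val in dropped_attributes(REQUESTED, ISSUED):
        print(f"dropped from issued certificate: {typ}={val}")
```

Values are compared exactly, so a change in case or spelling made by the CA is also reported as a dropped attribute.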
To configure the PKI web service interface used for the chip encoding module:
Each PKI provides predefined certificate types. In Microsoft ADCS, they are called Certificate Templates.
To import the certificate types: