This article is valid for Smart ID 20.11 and later.
In the communication between Smart ID Identity Manager and the ADCS, the following components are involved:
Identity Manager Server
- The Identity Manager server contains CA-Server and CA-Name, and connects directly to the Connector ADCS.
- The integrated CA Proxy connector is used as a proxy for the client machines.

IIS Webserver - Connector ADCS
- The IIS Webserver with the ADCS Connector does not need to be installed on the ADCS server itself, but it must be on a server in the same domain.
- Identity Manager authenticates to the ADCS Connector with a client certificate.
- The ADCS Connector uses a Domain Service Account, which has the required rights in ADCS.

Certificate Authority (CA)
- This is the ADCS server. The Domain Service Account of the connector is used to request and publish certificates from and to the CA.