In the Nexus Smart ID module Digital ID, a server certificate can be issued via a PKCS#12-formatted software token, with or without an approval step. A PKCS#12 software token contains a key pair and the corresponding certificate.

Standard workflow

| | Actor | Action | Option |
|---|---|---|---|
| 1 | Server certificate registration officer | In Identity Manager, selects a server and clicks Request P12 certificate. If needed, edits the certificate data. | - |
| 2 | Identity Manager | Checks if there are already installed certificates on the server. If there are, the old certificates can optionally be locked. | - |
| 3 | Server certificate registration officer | If existing server certificates were found, selects to lock them or not. | - |
| 4 | Server certificate approver | Approves the certificate request. | No approval step. |
| 5 | Identity Manager | Requests a PKCS#12 software token and generates a password. | - |
| 6 | CA | Issues a PKCS#12 token. | - |
| 7 | Identity Manager | Stores the certificate details and distributes the PKCS#12 token by email or for download, depending on the server configuration in Identity Manager. Displays the password. | - |
| 8 | | Downloads the PKCS#12 token from Identity Manager or receives it in an email. Installs the certificate on the server. Notes the displayed password. Confirms in Identity Manager that the certificate installation was successful. | - |
| 9 | Server responsibles | Gets an email notification. | - |

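
A check that can be run in step 8 before installing the token and confirming the installation in Identity Manager. This is an added example, not part of the Nexus documentation or product; it assumes the OpenSSL command-line tool is available, and the function name `check_p12` and the environment variable `P12_PASS` are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example (not Nexus code): check a received PKCS#12 token before installing it.
# Assumption: the displayed password is exported as P12_PASS, which keeps it out
# of the command line that other local users can see in the process list.

# check_p12 FILE [MIN_DAYS] -> prints subject, expiry date and "OK", returns 0
check_p12() {
    p12=$1
    min_days=${2:-0}
    [ -n "${P12_PASS+x}" ] || { echo "P12_PASS is not set" >&2; return 2; }

    # Leaf certificate only; this fails on a wrong password or a damaged file.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) ||
        { echo "cannot open token: wrong password or damaged file" >&2; return 3; }
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' ||
        { echo "token contains no certificate" >&2; return 4; }

    # Derive the public key from the private key. The decrypted key only passes
    # through a pipe and is never written to disk.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) ||
        { echo "token contains no usable private key" >&2; return 5; }
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not belong to the certificate" >&2; return 5; }

    # Refuse a certificate that expires within MIN_DAYS days.
    printf '%s\n' "$cert" |
        openssl x509 -noout -checkend "$((min_days * 86400))" >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 6; }

    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
    echo OK
}
```

Called as `check_p12 server.p12 30` (file name assumed), it returns a distinct non-zero code for each failed check, so it can gate an installation script.
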
Technical reference

| Option | Process |
|---|---|
| Request P12 certificate with approval | ScmProcIssueServerCertP12 (see image) |
| Request P12 certificate without approval | ScmProcIssueServerCertP12WithoutApproval |