Skip to main content
Skip table of contents

Recommended setup of Certificate Manager

The various server components of Smart ID Certificate Manager (CM) may be configured in a number of ways. Only configurations that have been verified during system testing are described in this article.

In a configuration without distributed Certificate Factory (CF) functions, all the required subsystems are located in the computer named CF. Since the Key Generation System (KGS) is a stand-alone system it has been excluded in the sample configurations.

See also High availability architecture for Certificate Manager.

Example 1: Minimum production configuration

This configuration is recommended for evaluation tests.

In addition to being a typical test environment, this configuration can also be used for a production environment.


Example 2: Alternative production configuration

This configuration shows an alternative of a production environment.

A separate CIS can be used if CA policy requires separation of functions.


Example 3: Distributed production configuration

In the distributed environment, the CF server components may be loaded into various computers in order to provide higher performance. The optimal grouping of the server components is indicated in the figure.

  • CIS (Certificate Issuing System)
  • KAR (Key Archiving and Recovery)
  • CILF (Certificate Issuing List Factory)
  • CRLF (Certificate Revocation List Factory)
  • Monitor (SNMP monitor, Simple Network Management Protocol)

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.