On a configurable interval (using batch synchronization), Identity Manager runs an expiry check to detect all virtual smart card certificates that will expire within the coming period.
Standard workflow
|
|
Actor |
Action |
Option |
|---|---|---|---|
|
1 |
Identity Manager |
Identity Manager automatically runs the Expiry check. Certificates that will expire in the coming period will be detected. Each user will receive an email with instruction for renewal. |
- |
|
2 |
Virtual smart card user |
Logs in to the Smart ID Self-Service. Checks the open tasks to renew virtual smart card. Clicks Start renewal. |
- |
|
3 |
Identity Manager |
Removes expired authentication and signing certificates from the card. Keeps and reuses old encryption certificates. |
- |
|
4 |
Smart ID Desktop App |
Starts and activates a new smart card profile. |
- |
|
5 |
Virtual smart card user |
In Smart ID Desktop App: Enters a PIN. Confirm the PIN entry. |
- |
|
6 |
Smart ID Desktop App |
Creates key pairs on the trusted platform module (TPM). |
- |
|
7 |
CA |
Issues certificates. The certificates are stored in Identity Manager and on the TPM. |
- |
|
8 |
Virtual smart card user |
In Smart ID Desktop App: Confirms the new certificates. |
- |
|
9 |
Identity Manager |
In Smart ID Self-Service: Displays the new virtual smart card in Cards tab and the new certificates in the Certificates tab. |
- |
Technical reference
-
PcmProcRenewVirtualSmartcard
Sub-processes
-
PcmSubProcCreationOfVSC
-
PcmProcChangeStateOfCertificatesSuperseded