Use case in Certificate Manager: Configure Key Archiving and Recovery without issuing certificates
When an external CA is used for issuing certificates, Smart ID Certificate Manager (CM) can be used to handle Key Archiving and Recovery only, in short "KAR only". In this mode, Certificate Manager does not create or issue certificates, but rather generates, archives and recovers keys for certificates created outside of the Certificate Manager installation. To enable this, you need one token procedure for archiving and one token procedure for recovery. These procedures are then used by the CM SDK to archive or recover keys for existing certificates. You use the Administrator's Workbench (AWB) to create the procedures.
Prerequisites
-
Step-by-step instruction
KAR only - Archiving procedure
Create a certificate procedure as described in Create certificate procedure in Certificate Manager.
During creation, note that Certificate format must be internal certificate. This prevents Certificate Manager from issuing certificates when this procedure is used.
You need a key procedure for archiving. If you do not have one, create one as described in Create key procedure in Certificate Manager.
Create a new token procedure as described in Create token procedure in Certificate Manager.
This token procedure must have only one certificate procedure: the one created in a previous step.
KAR only - Recovery procedure
You need a key procedure for recovery. If you do not have one, create one as described in Create key procedure in Certificate Manager.
The reuse flag is mandatory for this key procedure.
Create a new token procedure as described in Create token procedure in Certificate Manager.
This token procedure must not have any certificate procedures configured.