11.5 Setting up a credential profile for soft certificates

Note: You can select certificate policies for soft certificates only if they have a Certificate Storage option of Software or Both set in the Certificate Authorities workflow.

To set up a credential profile for issuing soft certificates:

  1. From the Configuration category, select Credential Profiles.
  2. Choose one of the following options:

    • Select a profile to modify and click Modify.
    • Select a profile to use as the basis for a new profile and click Copy.
    • Click New to create a new profile.
  3. Type a Name and optional Description for the credential profile.
  4. In Card Encoding, select Software Certificates (Only).
  5. Click Issuance Settings.

    Set the following options:

    • Validate Issuance

      If you set this option, certificates issued using this profile will require a validation of the request.

    • Validate Cancellation

      If you set this option, certificates issued using this profile will require secondary authorization when you cancel them.

  6. Click PIN Settings and PIN Characters to specify the format of the passwords used to protect PFX files containing the certificates.
  7. Click Mail Documents to specify the document sent to the user when the certificate is issued, if required.
  8. Click Next.
  9. From the list of available soft certificates, select the certificates you want to issue.
  10. From the Storage Method list, select where you want the certificate to be stored:

    • Local Store – the certificate is stored automatically in the certificate store of the logged-on user.
    • Password Protected PFX File – the certificate is exported to a password-protected PFX file, which you can then install into a user's certificate store.

      You can use the following characters in PFX passwords:

      a-zA-Z 0-9 ! \ " # $ % ' ( ) * + - . / : ; = ? @

      Note: You cannot use spaces.

    • Choose During Issuance – you can choose between the Local Store and PFX options when you issue the certificates.

      Note: If the certificate is not archivable, you cannot select Choose During Issuance.

  11. Click Next.
  12. Select the roles that can request this credential profile, the roles to which you want to be able to issue it, and the roles you want to be able to validate it.
  13. Click Next.