3.1 Setting the content signing certificate

MyID must be able to sign the content of mobile IDs before issuing them to mobile devices. Before MyID can use a certificate for this signing, the certificate, and the private key that belongs to it, must be available to the MyID COM user account.

  1. On the MyID application server, log on using the MyID COM user account (the account that you use to run the MyID components). Requesting the certificate in this account's context is what makes the private key available to it.
  2. Request a certificate. You can issue the certificate from any certificate authority, as long as the certificate and its private key are held in a CAPI (CSP) or CNG (KSP) key store that this account can access.

    Notes:

    • Do not enable strong private key protection on the certificate, as this will prevent processing of the request by the MyID account.

    • By default, MyID uses SHA256 as the hashing algorithm when signing using this certificate. The certificate that you use for signing must therefore have been produced using a KSP or CSP that supports SHA256.

  3. Once the certificate has been issued, install it in the certificate store of that account, then export the certificate (the public part only; a .cer file never contains the private key) as a .cer file in binary (DER) format. You must save it in a location accessible to the MyID application, so save it to the Components folder within the MyID installation folder.

    Note: You may need administrative privileges to save files to this area.

  4. Enter the filename of the certificate in the system registry.

    Note: You must log in as a user with sufficient privileges to edit the registry.

    If the keys and values do not already exist, you must create them.

    1. From the Start menu, click Run and type regedit in the dialog displayed. Click OK.
    2. Navigate to:

      HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\ContentSigning

    3. Check that the value of the following string is set:

      • Active – set to WebService

    4. Set the value of the following string to the full path of the certificate on the application server:

      • WebService

      For example:

      C:\Program Files\Intercede\MyID\Components\mycert.cer

An example .reg file for setting the content signing certificate might be:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\ContentSigning]
"Active"="WebService"
"WebService"="C:\\Program Files\\Intercede\\MyID\\Components\\mycert.cer"
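The whole procedure above (locate the certificate in the MyID account's store, confirm the key store can sign with SHA256 and is not blocked by strong private key protection, export the public certificate in binary format to the Components folder, and write the registry values) can be run as one script. The following PowerShell is an added example and is not part of the MyID documentation or the product; it assumes the certificate has already been enrolled into the personal store of the account you are logged on as, that you identify it by its thumbprint, and that MyID is installed in the default C:\Program Files\Intercede\MyID folder. Run it in a session logged on as the MyID COM user account, which for the registry step also needs rights to write under HKEY_LOCAL_MACHINE and to the Components folder.

```powershell
# Added example, not from the MyID documentation. Run as the MyID COM user account
# on the application server; that account also needs rights to write to HKLM and
# to the Components folder. $Thumbprint and $MyIDRoot are assumptions to replace.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,
    [string]$MyIDRoot = 'C:\Program Files\Intercede\MyID',
    [string]$FileName = 'mycert.cer'
)
$ErrorActionPreference = 'Stop'

# 1. Locate the certificate. It should be in this account's own store so the private
#    key is usable by the MyID account; LocalMachine\My is checked as a fallback.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in CurrentUser\My or LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'The certificate has no private key available to this account' }

# 2. Prove the KSP/CSP can produce a SHA256 signature with this key before MyID tries to.
#    A legacy CSP without SHA256 support fails here ("Invalid algorithm specified"), and a
#    key with strong private key protection blocks on a consent prompt, which is exactly
#    what stops unattended signing by the MyID account.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'This script only checks RSA keys' }
$probe = [System.Text.Encoding]::UTF8.GetBytes('content-signing probe')   # constructed test input
try {
    $sig = $rsa.SignData($probe, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
                         [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
} catch {
    throw "The key store for this certificate cannot sign with SHA256: $($_.Exception.Message)"
}
if (-not $rsa.VerifyData($probe, $sig, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
                         [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)) {
    throw 'SHA256 test signature did not verify'
}

# 3. Export the public certificate only. X509ContentType::Cert is binary DER, which is
#    the ".cer (binary format)" the procedure asks for.
$components = Join-Path $MyIDRoot 'Components'
if (-not (Test-Path $components)) { throw "MyID Components folder not found: $components" }
$cerPath = Join-Path $components $FileName
[System.IO.File]::WriteAllBytes($cerPath,
    $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))

# 4. Register the file for MyID. New-Item -Force creates any missing parent keys;
#    Set-ItemProperty creates the string values if they do not already exist.
$key = 'HKLM:\SOFTWARE\Intercede\Edefice\ContentSigning'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name 'Active'     -Value 'WebService' -Type String
Set-ItemProperty -Path $key -Name 'WebService' -Value $cerPath     -Type String

# 5. Read back and confirm: the registered file exists, is DER (a DER certificate
#    starts with the SEQUENCE tag 0x30, whereas Base64 starts with "-----BEGIN"),
#    and carries the same thumbprint as the key that passed the signing check.
$registered = (Get-ItemProperty -Path $key).WebService
$bytes = [System.IO.File]::ReadAllBytes($registered)
if ($bytes[0] -ne 0x30) { throw "$registered is not DER-encoded; export it again in binary format" }
$onDisk = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
if ($onDisk.Thumbprint -ne $cert.Thumbprint) { throw 'Registered .cer does not match the signing certificate' }
"Content signing certificate registered: $registered (Active = $((Get-ItemProperty -Path $key).Active))"
```

Invoke it as `.\Set-ContentSigningCert.ps1 -Thumbprint <thumbprint>` (the script name is an assumption). The test signature in step 2 is the useful part: it fails on the same conditions the notes warn about (a CSP without SHA256 support, or strong private key protection) before anything is written to disk or to the registry, so a misconfigured certificate is caught here rather than at the first mobile ID issuance.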