6 Certificate authorities

MyID can integrate with a Certificate Authority (CA) provided by one of a number of vendors. For a full list of the currently supported CAs, see the Certificate authorities section in the Installation and Configuration Guide.

You must install and configure the CA that you are going to use to issue and manage certificates before you install MyID.

Note: Integration with a CA is optional. You can skip this section if you do not want to issue certificates through MyID.

Warning: Instructions for configuring MyID to work with a specific CA are provided in the relevant integration guide. This document provides only general instructions.

MyID supports certificates issued to hardware (written to smart cards or tokens) or soft certificates (stored in an individual’s certificate store on the local machine). It may be possible to issue some certificates as both hard and soft certificates.

Normally, soft certificates are issued directly to the person to whom they relate, as that person must be logged on to the computer for the certificate to be written to the correct certificate store. MyID provides the facility for an operator to request a soft certificate on someone’s behalf, save it to file, and then send it to the named person by any suitable method, such as email.

MyID automatically detects the presence of a Microsoft Certificate Services CA (if support was selected during installation). You must manually create a connection for all other CAs.

All certificate policies are initially disabled. You must manually enable the CA and the particular certificate policies that you want to issue.