6.2 Connecting to a CA

You can edit an existing CA connection or create details for a new one. Configuring the certificates that can be issued is described in section section 6.3, Enabling certificates on a CA.

6.2.1 Recording a new CA

To create a CA connection:

1. From the Configuration category, select Certificate Authorities.

   You can also launch this workflow from the Connections and Notifications section of the More category in the MyID Operator Client. See the Using Connections and Notifications workflows section in the MyID Operator Client guide for details.

2. Click New.

   

3. Select the CA Type from the drop-down list.

   You can set the CA Name and CA Description for your CA.

   The rest of the options depend on the type of CA you are using.

   For information on setting the specific options for your CA, see the relevant integration guide.

4. Set the Retry Delays as a semi-colon separated list of elapsed times, in seconds.

   For example, 5;10;20 means:

   • If the first attempt to retrieve details from the CA fails, a second attempt will be made after a 5 second delay.
   • If this second attempt fails, the CA will be contacted again after 10 seconds.
   • Subsequent attempts will be made to retrieve information every 20 seconds, until a response is received.

   If you want to limit the number of retry attempts, enter 0 as the last number in the sequence.

   The default is:

   15;60;60;60;60;120;180;360;3600;86400;0

   This retries after 15 seconds, then after a minute four times, then two minutes, three minutes, six minutes, an hour, 24 hours, then stops.

5. Click Enable CA to make the CA available in MyID.
6. Click Save.

6.2.2 Editing an existing CA

To edit details for an existing CA connection:

1. Select the CA connection from the list and click Edit.
2. You can change the CA Description, Retry Delays and clear or set Enable CA.
3. Click Save.

6.2.3 Deleting a CA

You can delete a CA from the list of available CAs if you no longer need to be able to work with it, or if you created it in error.

Notes:

• You cannot delete the Unmanaged CA.

• If any credentials have been issued that use policies from this CA, you cannot delete the CA.

• If there are policies on the selected CA that are being used by existing credential profiles, you cannot delete the CA. You must first edit or delete the credential profiles that refer to this CA.

To delete a CA:

1. From the Configuration category, select Certificate Authorities.

2. From the CA Name drop-down list, select the certificate authority you want to delete.

   

3. Click Delete.

6.2.3.1 Known issues

• IKB-310 – Error when deleting a CA that has the same path as another CA

  If you erroneously add multiple CAs that have the same path, then attempt to delete one of the CAs, you may see an error similar to:

  An error occurred inside CBOL_ManageCAWeb::DeleteCA Error: 0x80046010 IDispatch error #24080 An error occurred inside CBOL_ManageCAImpl::DeleteCA Error: 0x80046010 : Multiple Records returned Info: CA not uniquely found ------------------------- Exception raised in function: CAImpl::Delete In file CAImpl.cpp at line 514 In object MyIDBOLImpl.BOL_ManageCAImpl.1

  If this error occurs, the CA entry must be deleted from the database manually. For assistance with this, contact customer support, quoting reference IKB-310.