19.2 Requesting a key recovery

If you need to recover keys onto a smart card, you can use the Request Key Recovery workflow.

To request a key recovery card:

1. From the Certificates category, select Request Key Recovery.

   You can also launch this workflow from the Certificate Administration section of the More category in the MyID Operator Client. See the Using Certificate Administration workflows section in the MyID Operator Client guide for details.

2. In the Select Certificate Owner screen, type the details of the certificate owner – the person whose keys you want to recover – then click Search.
3. Select the certificate owner from the search results.
4. In the Select Key Recovery Recipient screen, type the details of the recipient – the person you want to receive the card with the recovered keys – then click Search.
5. Select the recipient from the search results.

6. If there is more than one Key Recovery Only credential profile, select the credential profile you want to use, then click OK.

   

7. Select which certificates you want to recover:

   • Recover certificates by date – specify the issuance date after which any keys will be recovered.
   • Recover a specific number of certificates – specify the number of keys you want to recover. For example, if you specify 3, the three most recent keys will be recovered.
   • Select Certificates to recover manually – select the certificates from a list of all available certificates.

8. Click Next.

   Carry out one of the following, depending on the option you selected on the previous screen:

   • Select a date. All certificates issued after this date will be recovered.
   • Type a number of certificates. That number of the most recent certificates will be recovered.
   • Use the Add button to select certificates from the Available Certificates list.
9. Type a Reason for Recovery in the text box.
10. If you are issuing a key recovery card with a randomly-generated PIN, confirm the email address to which the PIN will be sent in the PIN notification email address box.
11. Optionally, type a label in the Assign Job Label box – you can use this label to search for the recovery job in other workflows.

12. Click Next.

    If you selected a date or a number of certificates, the details of the certificates that will be recovered are displayed. If you want to make any changes, click Back.

13. Click Next.

If the credential profile you selected has the Validate Issuance option set, you must use the Approve Key Recovery workflow to approve the request. See section 19.3, Validating a key recovery request for details.

If the credential profile you selected does not have the Validate Issuance option set, you can proceed to the Collect Key Recovery workflow. See section 19.4, Collecting a key recovery job for another user for details.

• IKB-248 – Cannot cancel key recovery jobs that are awaiting issue through job management

  If you request recovery of a certificate using the Request Key Recovery workflow, once the request has been approved (or if it does not require approval) you cannot subsequently use the Job Management workflow to prevent a recipient from picking up the job.

  To cancel a key recovery job, use the Reject button on the Collect Key Recovery or Collect My Key Recovery workflow.