2.9 Encryption key recovery

When using a CA with certificate templates configured for encryption key recovery, the MyID application server must trust the issuing CA. It must also be able to resolve and access the CA Certificate Revocation List (CRL).

To enable this, import the CA certificate into the Trusted Root Certificate Authorities store and ensure that the URL specified in the CA certificate for the CRL is available and can be accessed by the MyID application server.

Note: If your MyID system has been upgraded from a pre-8.0 SR1 system, the trust must exist between the client card issuance station and the issuing CA as well as between the MyID application server and the issuing CA.