4.5 Adding a certificate authority
Once you have installed the MyID web service for the remote Microsoft CA, you can set up new CAs within MyID that point to this service and the Certificate Authorities it can access.
You can set up multiple CAs using the same web service.
To set up a new CA:
- From the Configuration category, select Certificate Authorities.
- Click New.
- From the CA Type drop-down list, select Microsoft Enrollment.
- Set the following options:
  - CA Name – The name of the CA. This is used to identify the CA within MyID.
  - CA Description – The description of the CA.
  - Retry Delays – A semi-colon separated list of elapsed times, in seconds.
    For example, 5;10;20 means:
    - If the first attempt to retrieve details from the CA fails, a second attempt will be made after a 5 second delay.
    - If this second attempt fails, the CA will be contacted again after 10 seconds.
    - Subsequent attempts will be made to retrieve information every 20 seconds, until a response is received.
    If you want to limit the number of retry attempts, enter 0 as the last number in the sequence.
    The default is:
    15;60;60;60;60;120;180;360;3600;86400;0
    This retries after 15 seconds, then after a minute four times, then two minutes, three minutes, six minutes, an hour, 24 hours, then stops.
  - CA Path – The path of the CA relative to the server on which the service is installed.
    For example:
    MYSERVER\CANAME
    or:
    MYSERVER.EXAMPLE.COM\CANAME
  - Web Service URL – The URL of the MyID web service. For example:
    https://myserver/myidmscaenrollment/myidmscaenrollment.asmx
  - SSL client certificate – If you are using two-way SSL, the path to the SSL certificate on the MyID application server.
  - Certificate Store – Type the name of the certificate store used for the enrollment agent certificate. The default is:
    edefice
  - Password – The password for the SSL certificate.
  - Enable CA – Make sure this option is selected. If you deselect this option, the CA will not be available within MyID.
- Click Save.
Important: Make sure that you specify the CA machine name correctly in the CA Path for the CA's entry in the Certificate Authorities workflow. If you specify the name incorrectly, the CA will not appear in the drop-down list of CA names.
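To check a Retry Delays value before entering it, the following Python sketch expands the schedule described above and reports whether it ever stops. It is an added example, not part of MyID or its documentation; the function names are hypothetical, and it assumes that attempts themselves take no time and that a 0 anywhere other than the last position is invalid, which this page does not specify.

```python
from itertools import islice

DEFAULT = "15;60;60;60;60;120;180;360;3600;86400;0"  # default quoted on this page

def parse_retry_delays(value):
    """Return (delays, bounded) for a Retry Delays string such as '5;10;20'."""
    parts = [p.strip() for p in value.split(";")]
    if any(not (p.isascii() and p.isdigit()) for p in parts):
        raise ValueError("expected semicolon-separated whole seconds")
    delays = [int(p) for p in parts]
    bounded = delays[-1] == 0          # trailing 0 limits the number of retries
    if bounded:
        delays.pop()
    # Assumption: the page only describes 0 as the last entry, so reject it elsewhere
    # (this also rejects a lone "0", whose meaning the page does not define).
    if not delays or 0 in delays:
        raise ValueError("0 is only valid as the final entry")
    return delays, bounded

def retry_times(value):
    """Yield seconds elapsed since the first failure at which each retry is made."""
    delays, bounded = parse_retry_delays(value)
    elapsed = 0
    for delay in delays:
        elapsed += delay
        yield elapsed
    while not bounded:                 # no trailing 0: last delay repeats indefinitely
        elapsed += delays[-1]
        yield elapsed

def summarize(value, preview=5):
    """Describe a schedule: whether it ends, how many retries, and when they occur."""
    delays, bounded = parse_retry_delays(value)
    return {
        "bounded": bounded,
        "retries": len(delays) if bounded else None,
        "last_retry_at_s": sum(delays) if bounded else None,
        "first_retries_at_s": list(islice(retry_times(value), preview)),
    }

if __name__ == "__main__":
    for sample in ("5;10;20", DEFAULT):
        print(sample, summarize(sample))
```

For the default value this reports 10 retries, the last one 90915 seconds (a little over 25 hours) after the first failure; for 5;10;20 it reports an unbounded schedule.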