6.3 Enabling certificates on a CA

All certificate policies are detected when you add the CA to MyID, but they are all initially disabled. You can enable the specific policies you want to use.

To enable certificate policies for a CA:

  1. From the Configuration category, select Certificate Authorities.

  2. Set the CA Name to a configured Certificate Authority from the list.

  3. Click Edit.

  4. Make sure Enable CA is selected.

  5. From the list of Available Certificates, select the Certificate Policy you want to work with.

  6. To enable the certificate, click Enable (Allow Issuance).

  7. Edit the certificate policy options.

    The available attributes depend on the CA you are using. They may include key length, duration, the certificate lifetime, and whether the certificates can be issued to hardware (written to cards or tokens), as soft certificates (stored as a file on the computer), or both.

    Note: MyID expects a certificate policy to have a single key algorithm and key size (for example, RSA 2048). Within the Certificate Authorities workflow, the Key Algorithm option for a certificate policy shows a single combination of algorithm and key size. You must ensure that this matches the settings for the certificate policy on the CA.

    See your CA integration guide for details.

    Note: If you have set up an external system using the REST Certificate Added notification, the following additional options appear:

    • External Notification Data – type the object ID of the certificate policy on the target MyID CMS system under which you want to import the certificate.

    • External System Notifications – select the notifications you want to trigger when a certificate using this policy is added to the system. The box lists all of the external systems you have set up with a Notification type of Rest Certificate Added. If you want to trigger the notification to multiple systems, hold CTRL or SHIFT and click to select multiple items in the list.

    See the REST Certificate Added section in the REST Web Service Notifications guide for details of configuring these notifications.

  8. Click Save.

Note: Changes made to certificate policies do not take effect immediately, as the normal interval for MyID to poll for updates is 50 minutes. To force MyID to poll for changes immediately, you must manually restart the eKeyServer service, and then restart the eCertificate service.