14.1 Collecting a soft certificate
You can collect a soft certificate request for yourself or for another person. You can save the certificates to your Personal certificate store, to a selected file location, or automatically to an attached USB device, depending on how the soft certificate credential profile is configured. The soft certificates are saved as PFX files.
Note: By default, when MyID issues software certificates, it encrypts the passwords protecting the PFX files using AES256/SHA2. However, some operating systems do not support this modern security standard, which causes a problem when importing the certificates onto them; for example, any Apple OS (macOS or iOS), any Windows Server OS lower than Windows 2019, and any Windows client OS lower than Windows 10 build 1709. If you want to import software certificates onto an OS that does not support the encryption of PFX files using AES256/SHA2, you must set the Use SHA1 encryption for certificates issued as PFX files option in the Server tab of the Security Settings workflow to Yes.
You can also print a transport document for the soft certificate request.
Important: Saving soft certificate packages and printing transport documents requires the MyID Client Service to be running.
To collect a soft certificate request:
- Search for a request, and view its details. See section 6.1, Searching for a request.
  You can display the Type field from the Additional search criteria and select the Request a soft (browser) certificate for a user option from the drop-down list.
  You can also view a request from any form that displays a link to the request. For example:
  - Click the entry in the list of requests in the Requests tab of the View Person form.
  - Click the entry in the list of requests in the Device Requests tab of the View Device form.
  - View the screen that appears automatically after you have requested a device, assuming that the request does not need to be approved by another operator first.
- Click the Collect option in the button bar at the bottom of the screen.
  You may have to click the ... option to see any additional available actions. If this option is not available, the request cannot be collected; for example, it may require validation.
  The Collect Soft Certificates screen appears.
- If the credential profile requires a user-specified PIN, type the password in the Set Certificate Password and Verify Certificate Password fields. Otherwise, MyID generates a password on the server for .pfx files. This password is not displayed on screen; you must set up a PIN mailing document to provide this password to the user.
  Note: If there are multiple certificate files in the soft certificate package, they all use the same password.
- Click Download. The MyID Client Service must be running on your PC.
  - If a certificate policy is configured for FileStore, select the folder on your PC where you want to save the .pfx file.
    Note: If the folder already contains certificate files, a warning is displayed. If you ignore this warning and continue, and the folder contains a .pfx file with the same automatically-generated name, MyID overwrites the older file without further warning. Alternatively, you can change the folder, or cancel the operation.
  - If a certificate policy is configured for AutoSave, MyID scans your PC for an empty USB drive. Insert an empty USB drive into your PC. As soon as MyID detects an empty USB drive, it saves the .pfx file to that drive. If you have a USB drive attached that has files on it, and delete the files, MyID detects the newly-empty drive and saves the .pfx file.
  - If a certificate policy is configured for SystemStore, MyID saves it to the Personal store of the logged-on Windows user automatically.
  Note: If you cancel the folder selection or the USB find dialog, MyID deletes any .pfx files it has already created, but any certificates written to the Personal certificate store are not removed. You can attempt to download the certificates again; MyID obtains new certificates. Any certificates that were not fully collected are revoked automatically a short time later.
  The file names used for the certificate .pfx files are generated automatically. You can customize the format; see section 14.3, Customizing certificate file names.
- If you have a transport document configured for the soft certificate package, click Print.
  You can use transport documents to provide covering letters for the certificate package; for example, if you are distributing the certificate package on USB drives. Do not include the password in the transport document; you are recommended to provide the password in a PIN mailing document sent separately for security reasons.
  Note: You cannot print a transport document until you have successfully downloaded the certificates. For more information on transport documents and PIN mailing documents, see section 14.2, Printing mailing documents for a soft certificate package.
- Once you have downloaded the certificates, and printed the transport document if required, click Close.
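To confirm which protection scheme a collected .pfx file uses before sending it to one of the older operating systems listed in the note at the start of this section, you can list the algorithm identifiers in the file's unencrypted outer structure. The following Python script is an added example, not part of MyID; it assumes a DER-encoded file and that the AES256/SHA2 and SHA1 settings correspond to the standard PKCS #12 identifiers in its table.

```python
import sys

# Standard OIDs as DER content bytes (hex) -> (name, True if AES256/SHA2 family).
# Assumption: MyID's two PFX settings correspond to these PKCS #12 identifiers.
KNOWN = {
    "2a864886f70d01050d": ("PBES2", True),           # 1.2.840.113549.1.5.13
    "60864801650304012a": ("AES-256-CBC", True),     # 2.16.840.1.101.3.4.1.42
    "2a864886f70d0209": ("hmacWithSHA256", True),    # 1.2.840.113549.2.9
    "608648016503040201": ("SHA-256", True),         # 2.16.840.1.101.3.4.2.1
    "2a864886f70d010c0103": ("pbeWithSHAAnd3-KeyTripleDES-CBC", False),
    "2a864886f70d010c0106": ("pbeWithSHAAnd40BitRC2-CBC", False),
    "2b0e03021a": ("SHA-1", False),                  # 1.3.14.3.2.26
}

def walk(data, found):
    # Collect OIDs; descend into constructed values and OCTET STRINGs wrapping DER.
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated header")
        tag, length, pos = data[pos], data[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            count = length & 0x7F
            if count == 0:
                raise ValueError("BER indefinite length is not handled")
            length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated value")
        pos += length
        if tag == 0x06:  # OBJECT IDENTIFIER
            found.add(body.hex())
        elif tag & 0x20:  # constructed: SEQUENCE, SET, [0] ...
            walk(body, found)
        elif tag == 0x04:  # OCTET STRING: authSafe and data bags nest DER here
            try:
                found |= walk(body, set())
            except ValueError:
                pass  # salt, digest or ciphertext rather than nested DER
    return found

def classify(pfx_bytes):
    hits = [KNOWN[o] for o in sorted(walk(pfx_bytes, set())) if o in KNOWN]
    return {"modern": [name for name, modern in hits if modern],
            "legacy": [name for name, modern in hits if not modern]}

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as handle:
        print(classify(handle.read()))
```

Run it with the path to a .pfx file; no password is needed because only the outer structure is read. Any entry under modern means the importing operating system must support AES256/SHA2.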



