Certificate enrollment procedures

These procedures describe certificate enrollment to a token without any extra input criteria, for example, no signature or identification. Net iD Portal supports different ways to configure an enrollment flow to suit your organization.

Standard smart card

  1. On the Users tab, search for the user you want to enroll a certificate to and go to the user’s profile.
    image

  2. Click Manage  Enroll primary card.
    image

  3. In the Token template list, click the token template to be used for the enrollment, and then click Execute.
    image

  4. Enter a new security code for the smart card to be enrolled.
    image

  5. Sign the enrollment with the signature PIN.
    image

  6. The certificate is created and written to the smart card.
    image

  7. The user record now shows active tokens that have been enrolled in Net iD Portal.
    image

  8. Click Manage  View on the token to see information about the certificates.
    image

Mobile

  1. On the Users tab, search for the user you want to enroll a certificate to and go to the user’s profile.
    image

  2. Click Manage  Enroll to Net iD Access.
    image

  3. Click Execute and follow the instructions.

  4. An activation code is generated. The activation code can also be sent by email to the user.
    image

  5. The user opens the Net iD Access app on their mobile phone and selects Create new e-identity. The user enters the activation code and a new security code for their mobile identity, and then completes the enrollment.
    image image image image
    image image image image

YubiKey

  1. On the Users tab, search for the user you want to enroll a certificate to and go to the user’s profile.
    image

  2. Click Manage  Enroll primary card.
    image

  3. In the Token template list, click the token template to be used for the enrollment, and then click Execute.
    image

  4. Enter a new security code for the YubiKey to be enrolled.
    image

  5. The certificate is created and written to the YubiKey.
    image

  6. The user record now shows Active tokens and the enrolled YubiKey.
    image

  7. Click Manage  View on the YubiKey to see information about the certificates.
    image

Server

  1. On the Server tab, search for the server you want to enroll a certificate to and go to the server’s profile.
    image

  2. Click Manage  Enroll server certificate.
    image

  3. In the Certificate template list, click the certificate template to be used, and then click Open to open the certificate request that was previously created by the server. Click Execute.
    image

  4. Sign the server certificate enrollment with the signature PIN.
    image

  5. The certificate is approved and is available for download. Click Save.
    image

  6. The server record now shows the enrolled certificate.
    image

  7. Click View to see information about the certificate.
    image