locked
How to add certificates to existing smart card without initializing,FIM CM 2010 RRS feed

  • Question

  • Hello

    My Enrollment procedure creates 2 cetificates in the smart card i enroll.

    Which policy in the FIMCM enables me to add another set of cetificates in the same smartcard consistently

    without replacing, revoking or changing the rest of the smartcard's content.

    In the end of the day i need to see in the smartcard content: differents certificates for different users

    Thanks

    G.


    • Edited by Galitbs123 Wednesday, February 27, 2013 7:40 AM
    Tuesday, February 19, 2013 3:11 PM

All replies

  • Hello

    My Enrollment procedure creates 2 cetificates in the smart card i enroll.

    Which policy in the FIMCM enables me to add another set of cetificates in the same smartcard consistently

    without replacing, revoking or changing the rest of the smartcard's content.

    In the end of the day i need to see in the smartcard content: differents certificates for different users

    Thanks

    G.


    Hi

    Anyone can help me?!

    Thanks

    Sunday, March 3, 2013 12:01 PM
  • Hi Galitbs,

    You need to configure the profile template you have to issue the certificates you need. Please have a look at http://msdn.microsoft.com/en-us/library/windows/desktop/bb468086(v=vs.100).aspx for more info.


    Visit My Blog: http://theidentityguy.blogspot.com/

    Monday, March 18, 2013 9:03 AM
  • In FIM CM today, this is just not possible. There is a one-to-one relationship between profile templates and smart cards and profile templates have a specific set of certificate templates that are included in the profile template.

    One possible way is to have the certificates defined as external certificates within the FIM CM database and stating that the profile template includes external certificates. The problem is that you do not have full lifecycle management as you do with included (native) certificates.

    Can you at least categorize the certificates into common sets of certificates. Then you can set up a separate profile template per certificate template combination

    Brian

    • Proposed as answer by A. Luchnik Sunday, April 14, 2013 8:19 PM
    Sunday, March 31, 2013 1:56 PM