Assigning certificates

Not only logon information but also certificates can be written to a token. Just the private part of the certificate (.p12 file) can be saved on the token. However, users then can only log on with the token. We recommend that you use PKI certificates.

You can assign authentication data to tokens as follows:

Note: CA certificates cannot be obtained from a token and stored in the database or certificate store. If you use CA certificates, these need to be available as files and not just on a token. This also applies to CRLs (Certificate Revocation List). Moreover, the CA certificates must match the CRL before users can log on to the computers concerned. Check that the CA and corresponding CRL are correct. SafeGuard Enterprise does not carry out this check! SafeGuard Enterprise can then only communicate with expired certificates if old and new keys are present on the same card.