PKI settings

In the PKI Settings section, you can define parameters for user logon to the operating system.

• Import CA certificates

  The root certificate or certificate chain of the Certification Authority (CA) is written to the card when it is issued. These certificates are not removed from the card when it is withdrawn from Axidian CertiFlow.

  info

  Make sure that the card supports writing the root certificate or certificate chain.

• Enforce smart card logon

  When a card is issued, the Smart card is required for interactive logon setting is applied to the user properties in the catalog.

  Prerequisites for the Enforce smart card logon option

  • The user catalog service account must have Write:userAccountControl permissions in Active Directory. For more information, see Active Directory user catalog configuration.

  • If you enable the Smart card is required for interactive logon option in the user's Active Directory profile, the user's domain password changes to a random value with an unlimited expiration date.

  • Before you enable the Enforce smart card logon option, ensure that the Smartсard Logon certificate template is added to the policy.

Integrate Axidian CertiFlow with a CA. You can add several CAs for a single policy or create multiple policies, each with its own designated CA.

Microsoft CA

Configure integration the Microsoft Ca

Common certificates

Add common certificates