Card operations
You can manage a user's cards in their profile under the Assigned cards section.
Card operations
Issue
How to issue certificates
Assign
How to assign cards to users
Reset user PIN
How to reset a user PIN
Unlock
How to unlock a card in online and offline modes
Disable and enable
How to disable and enable a card
Revoke
How to revoke a card
Withdraw
How to withdraw a card from a user
Replace
How to replace a card temporarily or permanently
Update
How to update card contents
Issue and print image or text
How to issue a card with a printed image or text
Card menu
The card menu displays the following information:
- Card status
- Comment
- Policy applied to the card
- Revocation reason, if the card was revoked
- Agent bound to the card
- Administrator PIN
- Tags
- Certificates stored on the card: managed, tracked, and common.
Allow users viewing card contents in the Self-Service
You can allow or prevent users from viewing card contents. If granted access, users can view certificates stored on the card and print certificate documents.
To configure the permission:
- Open the Configuration section, navigate to the policy settings and go to Workflow → User permissions → Issued card operations.
- Enable the View Contents option.
Certificate types
Managed certificates
Managed certificates are generated based on the templates configured for integrated Certification Authorities (CAs) and issued by the CAs through Axidian CertiFlow. Certificate templates are configured in policy settings (PKI Settings).
You can issue, renew, revoke, and track the validity and status of managed certificates. Axidian CertiFlow retrieves information about the certificate or certificate request status from the CA.
Tracked certificates
Tracked certificates are third-party certificates stored on the card. The information about tracked certificates is imported into Axidian CertiFlow when you issue or update a card. Certificates from the external CAs cannot be issued, renewed, or revoked through Axidian CertiFlow, but you can verify the certificate issuer information and validity period.
Configure certificates tracking
To display information about third-party certificates in the card menu, configure tracking for third-party certificates.
- Open the Configuration section, navigate to the policy settings and go to Workflow → General permissions.
- Enable the Search for certificates when card is issued or updated to track validity period option.
Configure tracked certificates expiration alerts
Notify users and administrators when tracked certificates are about to expire.
- Open the Configuration section, navigate to the policy settings and go to Notifications.
- Create a notification for the Traced certificates are expiring event.
Print certificate forms
You can print tracked certificates from both the Management Console and the Self-Service using the default certificate print templates.
Common certificates
Common certificates are third-party certificates available to multiple users. You can write a common certificate to a card when you issue or update the card.
To write a common certificate to multiple users' cards:
- Open the Configuration section, navigate to the policy settings and go to PKI Settings → Common certificates.
- Click Add common certificate, upload a PFX-file, enter the file password and click Add.
Configure common certificates expiration alerts
Notify users and administrators when common certificates are about to expire.
- Open the Configuration section, navigate to the policy settings and go to Notifications.
- Create a notification for the Common certificates are expiring event.
Certificate status
| Certificate Status | Description |
|---|---|
| Valid | The certificate's validity period has not expired. The certificate is ready for use. |
| Revoked | The certificate has been revoked. Revocation can be temporary or permanent. In case of a temporary revocation (for example, after a card has been diabled), the certificate's validity is suspended while the card is off. After the card is enabled, the certificate becomes valid again, provided it did not expire while the card was off. In case of a permanent revocation (for example, after you revoked a certificate or a card), you cannot use the certificate. |
| Expiring | The certificate's validity period will end soon. Renew the certificate if you intend to continue using it. |
| Expired | The certificate's validity period has ended. The certificate is not ready for use. You can renew the certificate for a period equal to its original validity period, as defined in the certificate template in the CA. For more information, see Certificate renewal. |
| Error | Axidian CertiFlow could not determine the certificate's status. The CA might be unavailable. The certificate is not ready for use. |
| Approved | The administrator has approved the certificate request, but the certificate has not yet been issued to the user. |
| Rejected | The administrator has rejected the certificate request. |
| Pending | The certificate request is awaiting approval from the CA operator or the certificate form is awaiting approval from the Axidian CertiFlow administrator. |
Export certificate documents
You can save the certificate request form, the certificate form, and the certificate revocation request as PDF files and email them to a user.
To export a certificate document, click 
next to the required certificate and select a document. To email a certificate document to a user, click 
and select a document.