Middleware
With Axidian CertiFlow Middleware you can manage cards in Axidian CertiFlow.
To use Axidian CertiFlow Middleware, install card and reader drivers and other service tools on user workstations. This software is not included in the Axidian CertiFlow installation package.
Install Middleware on Windows
Different card types require different Axidian CertiFlow Middleware files.
Run the AxidianCertiFlow.<card type name>.Middleware.<version number>.en-us.msi file from the AxidianCertiFlow.Client catalog of the Axidian CertiFlow installation package and follow the wizard instructions.
The following table shows which Axidian CertiFlow Middleware file corresponds to each manufacturer and card model.
| Manufacturer | Card model | Middleware file |
|---|---|---|
| ACS | ACOS5-64 | AxidianCertiFlow.ACOS.Middleware-<version number>.en-us.msi |
| Avest | Avest Key 256A | AxidianCertiFlow.Avest.Middleware-<version number>.en-us.msi |
| Axidian | AirCard virtual smart card | AxidianCertiFlow.AirCard.Middleware-<version number>.en-us.msi |
| Bit4id | ID-One Cosmo | AxidianCertiFlow.Bit4Id.Middleware-<version number>.en-us.msi |
| CRYPTAS | TicTok V2/V3 | AxidianCertiFlow.TicTok.Middleware-<version number>.en-us.msi |
| Cryptovision | ePasslet Suite v3.0, JCOP V3.0 | AxidianCertiFlow.Cryptovision.Middleware-<version number>.en-us.msi |
| Feitian | ePass2003 (A1+, A2) BioPass2003 | AxidianCertiFlow.ePass.Middleware-<version number>.en-us.msi |
| HID | Crescendo C1150 Series Crescendo C1300 Series Crescendo C2300 Series | AxidianCertiFlow.HID.Middleware-<version number>.en-us.msi |
| Microsoft | Local Computer Certificate Store User Certificate Store | AxidianCertiFlow.Registry.Middleware-<version number>.en-us.msi |
| TPM Virtual Smart Card (Microsoft VSC) | AxidianCertiFlow.TPM.Middleware-<version number>.en-us.msi | |
| Windows Hello for Business (WHfB) | AxidianCertiFlow.WHfB.Middleware-<version number>.en-us.msi | |
| RSA | RSA SecurID 800 | AxidianCertiFlow.RSA.Middleware-<version number>.en-us.msi |
| Thales (SafeNet and Gemalto) | SafeNet eToken PRO 32k SafeNet eToken PRO 64k eToken PRO Java 72K OS755 SafeNet eToken 5105 SafeNet eToken 5110 IDCore30B eToken 1.7.7 | AxidianCertiFlow.eToken.Middleware-<version number>.en-us.msi |
| IDPrime MD 830 FIPS IDPrime MD 830B FIPS IDPrime MD 840B IDPrime 930 IDPrime 930nc IDPrime 940 IDPrime 940B IDPrime MD 3810 IDPrime MD 3811 IDPrime 3930 IDPrime 3940 IDPrime 3940 FIDO SafeNet eToken 5300 SafeNet eToken Fusion SafeNet eToken Fusion CC SafeNet eToken 5110 CC (940) | AxidianCertiFlow.IDPrime.Middleware-<version number>.en-us.msi | |
| Yubico | YubiKey 5 Series | AxidianCertiFlow.YubiKey.Middleware-<version number>.en-us.msi |
Install Middleware on Linux
To install Axidian CertiFlow Middleware, run the following command.
sudo dpkg -i certiflow.middleware_<version number>_amd64.deb
sudo rpm -i certiflow.middleware-<version number>.x86_64.rpm
Axidian CertiFlow for Linux supports SafeNet eToken cards using a single Middleware component.
| Manufacturer | Card model |
|---|---|
| Thales (SafeNet и Gemalto) | SafeNet eToken PRO 32k SafeNet eToken PRO 64k eToken PRO Java 72K OS755 SafeNet eToken 5105 SafeNet eToken 5110 IDCore30B eToken 1.7.7 |
Install Middleware browser extension
Install the Axidian CertiFlow Middleware browser extension on administrator, operator, and user workstations for access to Axidian CertiFlow web applications.
Google Chrome, Chromium
- Launch your browser and navigate to the extensions page:
chrome://extensionsfor Google Chrome and Chromium. - Open the AxidianCertiFlow.Client-v<version number>\certiflow.middleware.chrome.extension catalog.
- Upload the CRX file in the browser's extensions page.
- Click Add extension in the pop-up window.
Mozilla Firefox
- Launch your browser and navigate to the add-ons page:
about:addons. - Click
and select Install Add-on from file…. - Upload the certiflow.middleware-1.0.xpi file from the AxidianCertiFlow.Client-<version number>\certiflow.middleware.chrome.extension catalog and click Open.
- Click Add in the pop-up window..
Configure Registry cards support
Configure Registry cards support using Windows Group Policies or the Windows Registry (for workstations outside a Windows domain).
- Windows Group Policies
- Windows Registry
To enable Axidian CertiFlow users to issue Registry cards in the Self-Service and write the certificates to the Local Computer Certificate Store or User Certificate Store, configure a Group Policy Object (GPO). This procedure installs the necessary administrative templates and applies the policy to the user workstations.
Copy the contents of the AxidianCertiFlow.Client\Misc\ catalog to your central ADMX file store. The standard location on a domain controller is C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions.
infoIf you use a local ADMX store instead, copy the files to C:\Windows\PolicyDefinitions.
Open the Group Policy Management console.
In the console tree, create a new GPO or select an existing GPO that applies to the target user workstations.
Right-click the GPO and select Edit.
In the Group Policy Management Editor, go to Computer Configuration → Policies → Administrative Templates → Axidian CertiFlow → Client.
Enable the following policies:
- Enable 'Registry' card (Machine) to issue certificates to the Local Computer Certificate Store.
- Enable 'Registry' card (User) to issue certificates to the User Certificate Store
Link the edited GPO to the Organizational Unit (OU) or security group that contains the workstations of the Axidian CertiFlow users.
Select Apply.
Force a policy update on the target workstations or wait for the next refresh cycle.
If the Axidian CertiFlow server and user workstations are outside a Windows domain, configure the registry on each client workstation.
Create a REG file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\AxidianCertiFlow\Client]
"MachineRegistryCardEnabled"=dword:00000000
"UserRegistryCardEnabled"=dword:00000000
MachineRegistryCardEnabled: Set the value to 1 (dword:00000001) to enable certificate issuance to the Local Computer Certificate Store.UserRegistryCardEnabled: Set the value to 1 (dword:00000001) to enable certificate issuance to the User Certificate Store.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\AxidianCertiFlow\Client]
"MachineRegistryCardEnabled"=dword:00000001
"UserRegistryCardEnabled"=dword:00000001
In this example, Registry cards are configured to be issued to both the Local Computer Certificate Store and the User Certificate Store.