

Configure CA Auth ID PKI Credential Profile

You can use a CA Auth ID PKI profile to define the following attributes:

By configuring a CA Auth ID PKI profile and assigning it to one or more organizations, you can control the characteristics of the CA Auth ID PKIs that are issued to users of those organizations.

Follow these steps:

  1. Click the Services and Server Configurations tab on the main menu.
  2. Verify that the CA Strong Authentication tab in the submenu is active.
  3. Under the CA Auth ID section, click the Issuance link to display the CA Auth ID Profiles page.
  4. Edit the fields in the Profile Configurations section, as required:
    Create

    If you choose to create a new profile, then:

    • Select the Create option.
    • Specify the Configuration Name of the new profile in the field that appears.
    Update

    If you choose to update an existing profile, then select the profile that you want to update from the Select Configuration list.

    Copy Configuration

    Enable this option if you want to create the profile by copying the configurations from an existing profile.

    Note: You can also copy from configurations that belong to other organizations that you have scope on.

    Available Configurations

    Select the profile from which the configurations will be copied.

    Key Length (in Bits)

    Specify the size of the key (in bits) to be used for encryption. The default value is 1024 bits.

    Validity Start Date

    Specify the date from which the issued CA Auth ID PKI credential will be valid.

    The validity can start either from the date when the CA Auth ID PKI is created or from a specific date that you specify.

    Validity End Date

    Specify the date when the CA Auth ID PKI will expire.

    You can specify either a duration after which the credential expires or a specific expiration date.

    Minimum Characters

    Specify the minimum number of characters that the password can contain. You can set a value between 4 and 64 characters.

    Maximum Characters

    Specify the maximum number of characters that the password can contain. You can set a value between 4 and 64 characters.

    Minimum Alphabetic Characters

    Specify the minimum number of alphabetic characters (a-z and A-Z) that the password can contain.

    This value must be less than or equal to the value specified in the Minimum Characters field.

    Minimum Numeric Characters

    Specify the minimum number of numeric characters (0 through 9) that the password can contain.

    Minimum Special Characters

    Specify the minimum number of special characters that the password can contain. By default, all special characters are allowed except the ASCII characters 0-31.

  5. Expand the Advanced Configurations section.
  6. In the Additional Attributes section, specify any extra information (unsigned attributes) that you pass for the CA Auth ID PKI credential in the Name-Value pair format.

    For example, to lock the CA Auth ID PKI to a specific device, such as the end user’s system, use this section to send the following extra information:

    devlock_required

    Value: yes

    devlock_type

    Value: hd

    Note: See the CA Auth ID Client Reference Guide for more information about what extra information you can specify here.

    If you want to specify more attributes, click Add More to display extra fields, one at a time.

  7. In the Custom Attributes section, specify any extra information in the Name-Value pair format, for example, organization information that plug-ins can use.
  8. Set the following in the User Validations section:

    Note: The User attribute check feature is available only if you are performing configurations at the organization-level.

  9. In the Multiple Credential Options section, enter a description in the Usage Type field that identifies the purpose for which the CA Auth ID PKI is used. For example, a user can have a temporary credential to perform a remote login to the network; the usage type for this credential can be temporary.
  10. The History Validation section lets you prevent users from reusing old CA Auth ID PKI passwords. You can select any of the following options:
  11. Click Save to create or update the CA Auth ID PKI profile.
  12. Refresh all deployed CA Strong Authentication instances. See Refresh a Server Instance for instructions about the procedure.
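
The password fields in step 4 constrain one another: both lengths must be between 4 and 64, and Minimum Alphabetic Characters cannot exceed Minimum Characters. The following Python sketch is an added example, not part of the product or its documentation; it checks a planned set of values for consistency and tests a sample password against them. The field names are hypothetical, and counting every character other than a-z, A-Z, and 0-9 with a code above 31 as special is an assumption about the default character set.

```python
import string
from dataclasses import dataclass

ALPHA, DIGITS = set(string.ascii_letters), set(string.digits)

@dataclass
class PasswordPolicy:  # hypothetical names mirroring the profile fields
    min_chars: int
    max_chars: int
    min_alpha: int = 0
    min_numeric: int = 0
    min_special: int = 0

def profile_errors(p):
    """Return inconsistencies in the planned profile values."""
    errs = [f"{n} must be between 4 and 64"
            for n in ("min_chars", "max_chars") if not 4 <= getattr(p, n) <= 64]
    if p.min_chars > p.max_chars:
        errs.append("min_chars exceeds max_chars")
    if p.min_alpha > p.min_chars:
        errs.append("min_alpha exceeds min_chars")
    # Added sanity check, not stated on the page: the per-class minimums
    # must fit inside the longest allowed password.
    if p.min_alpha + p.min_numeric + p.min_special > p.max_chars:
        errs.append("class minimums cannot fit within max_chars")
    return errs

def password_errors(p, pw):
    """Return the rules that the candidate password pw violates."""
    errs = []
    if any(ord(c) < 32 for c in pw):
        errs.append("contains an ASCII 0-31 character")
    if not p.min_chars <= len(pw) <= p.max_chars:
        errs.append("length outside min_chars..max_chars")
    counts = {
        "alpha": sum(c in ALPHA for c in pw),
        "numeric": sum(c in DIGITS for c in pw),
        # Assumption: special = anything else with a code point above 31.
        "special": sum(c not in ALPHA and c not in DIGITS and ord(c) > 31
                       for c in pw),
    }
    for kind, have in counts.items():
        need = getattr(p, f"min_{kind}")
        if have < need:
            errs.append(f"needs at least {need} {kind} characters")
    return errs

if __name__ == "__main__":
    policy = PasswordPolicy(8, 64, min_alpha=2, min_numeric=1, min_special=1)
    print(profile_errors(policy))
    print(password_errors(policy, "abc12"))  # constructed sample input
```
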