User Certificate

Last updated 4 months ago

Was this helpful?

User Certificate

SCEPman Enterprise Edition only

This feature requires version 2.4 or above

You can manually generate X.509 user certificates including a private key via the SCEPman Certificate Master Web UI. Those certificates can be used in various certificate-based authentication (CBA) scenarios, for smart cards and email signatures. By default, generated certificates will have the EKU Client Authentication and a Subject Alternative Name (SAN) set to a UPN-type property where the value matches the UPN provided in the UI.

To generate a new User Certificate, navigate to New User Certificate in the SCEPman Certificate Master top menu. Enter a UPN for the certificate and select the required EKUs. Hit Submit and the browser will automatically download the certificate with the private key in PKCS#12/PFX format after the certificate is issued a few seconds later. The PKCS#12 file is encrypted with the password shown on the screen. You can import the PKCS#12 directly to the system where it is needed using the password.

Be aware that once you navigate away from this page, the password will no longer be accessible.

YubiKey

Perform below steps to enroll a smart card certificate to your YubiKey device.

Checklist: Prerequisites

Mandatory - Access to Certificate Master and a suitable role (Admin.Full , Request.All,Request.User)
Mandatory - Access to a YubiKey device with a free smart card slot
Mandatory - YubiKey Manager is installed

Steps

Open the Certificate Master web portal and click on the + icon
Select New User Certificate
Specify the UPN as per your requirements
Set the Key Length to 2048 bits (YubiKey currently does not support 4096-bit keys).
Select PKCS#12 as Download file format
Select Client Authentication and Smart card Logon from the Extended Key Usages\
Before clicking Submit, ensure to take temporary note of the Password as it will be required when importing the certificate to the YubiKey.
Open the YubiKey Manager
Navigate to Applications > PIV and click Configure Certificates\
Select Authentication (Slot 9a) and click Import
Upload the certificate that was previously generated from Certificate Master and provide the Password.
Set a Management key and click OK\

Last updated 4 months ago

Was this helpful?

SCEPman Enterprise Edition only

This feature requires version 2.4 or above

Be aware that once you navigate away from this page, the password will no longer be accessible.

YubiKey

Perform below steps to enroll a smart card certificate to your YubiKey device.

Checklist: Prerequisites

Mandatory - Access to Certificate Master and a suitable role (Admin.Full , Request.All,Request.User)
Mandatory - Access to a YubiKey device with a free smart card slot
Mandatory - YubiKey Manager is installed

Steps

Open the Certificate Master web portal and click on the + icon
Select New User Certificate
Specify the UPN as per your requirements
Set the Key Length to 2048 bits (YubiKey currently does not support 4096-bit keys).
Select PKCS#12 as Download file format
Select Client Authentication and Smart card Logon from the Extended Key Usages\
Before clicking Submit, ensure to take temporary note of the Password as it will be required when importing the certificate to the YubiKey.
Open the YubiKey Manager
Navigate to Applications > PIV and click Configure Certificates\
Select Authentication (Slot 9a) and click Import
Upload the certificate that was previously generated from Certificate Master and provide the Password.
Set a Management key and click OK\