Certificate policies allow certificates to be used as an alternative method of user authentication that does not require a physical product, and is available for selection as an authenticator for logon steps.

The policy can be found by navigating to "Administration | Policies", then scrolling down to the policy "Certificate system policies";


The certificate system policy settings can be edited by using the context menu option "Edit";


A new window will now open titled "Policy - Edit" that can be used to view and edit the policy settings for this policy;




The category for this policy is "Certificate" (this property cannot be edited).

The holder of this policy is "System" (this property cannot be edited).

The name assigned to identify the lockout system policy by the System Administrator.

The System Administrator may use this field to annotate this policy.

This option allows the System Administrator to enable or disable this policy.


The validity period (in days) for the certificate.


  • Accept
    Accept request for certificate.

  • Deny
    Deny request for certificate.

 


This option defines whether to store external user's certificate in LDAP.

The expandable section provides certificate activation related parameters as follows;

Certificate Activation




  • Automatically activate the certificate when created or assigned
    When the certificate is created or assigned to the user it will be automatically activated.

  • Send Activation Code to the user when created or assigned
    When the certificate is created or assigned to the user an activation code will be sent to the user.

  • Do Nothing
    When the certificate is created or assigned to the user the certificate will not be activated and no activation code will be sent to the user.


This option defines whether users are allowed to request activation code or not.



This parameter is used to customise the contact message that is sent to the user providing instructions on how to activate their certificate.

  • No labels