Manage smart credential certificates

Once you activate a mobile smart credential for a Certificate Authority, you can manage the certificates issued to the smart credential. See Manage Certificate Authorities for more information.

How certificate revocation works

Certification revocation occurs as follows:

●       Deleting a smart credential or deleting a user assigned a smart credential permanently revokes all certificates associated with the smart credential.

●       Unassigning a smart credential permanently revokes all verification certificates associated with the smart credential.

●       Disabling a user with assigned smart credentials revokes for hold all verification certificates associated with the smart credential.

●       Enabling a user with  assigned a smart credentials takes all verification certificates associated with the smart credential off hold.

Note: When performing these operations, if the certificate revocation operation fails for any reason, the entire IDaaS action (for example, deleting a smart credential) also fails. For example, if you try to delete a smart credential for a user and the CA is not running, certificate revocation fails and the smart credential of the IDaaS user is not be deleted. To avoid this from happening, when you add a Certificate Authority to IDaaS, enable Skip Revocation If CA Not Available. When enabled, this setting allows you to delete the smart credential from a user even if the CA is not running. (See Manage Certificate Authorities for more information).

Manage smart credential certificates

1.      Log in to your Identity as a Service administrator account.

2.      Click > Members > Users. The Users List page appears.

3.      Click the User ID for the user.

4.      Click the Authenticators tab. The Authenticators page appears.

5.      Click  to the right of the smart credential that you want to edit and click Certificates. The Certificates for User page appears.

The Certificate for User page lists all the certificates (digital IDs) issued to the user's smart credential.

6.      Do the following, as required:

a.      Click to view the certificate details.

b.      Click to revoke the certificates associated with the smart credential. The Revoke Certificate prompt appears. Click Revoke.

Note: You might want to do this if, for example, the smart credential has been compromised. You cannot undo revoking a certificate.

c.       Click to put a certificate on hold. The Hold Certificate prompt appears. Click Hold.

Note: You might do this is the user has misplaced their mobile device that contains the mobile smart credential app.

d.       Click  to take a certificate off hold and then click Unhold on the Unhold Certificate prompt.

e.      Click  next to the certificate to export the certificate for a smart credential.

7.      Click Close to close the Certificates for User page.