This article provides an example of how to configure the vSEC:CMS to use PKCS12 files (or pfx files) that can be issued to a smart card token during the issuance process.
1. From the Options - Connections - Certificate Authorities click the Add button.
2. Enter a template name and select PKCS12 from the drop-down list.
3. Click the Get button to select a PKCS12 file to allow the vSEC:CMS to automatically detect the CA issuer DN. Browse to the location of the PKCS12 file and enter the password for the PKCS12 file.
4. Click the Get button to select a default location that the vSEC:CMS will search for PKCS12 files during the issuance process.
5. If the vSEC:CMS is configured to use an already configured PKCS12 certificate database (see the article Configure PKCS#12 Certificate Database for details) and a default passphrase is used for all PKCS12 files that are to be imported during issuance, enter that passphrase.
6. From Templates - Card Templates edit the Issue Card section and in the Enroll certificate(s) section select the PKCS12 connection template already added above.
7. A P12 Settings button will appear when the PKCS12 connection is used for issuing the certificates. Click the P12 Settings button to configure additional settings. Enable the Show configuration dialog during issuance checkbox if a configuration dialog should be presented during issuance (see step 10 below).
If Show configuration dialog during issuance is enabled, enable the Allow manually adding new containers checkbox to allow a PKCS12 certificate to be imported manually into a container that is not already assigned for use during the issuance process.
If Show configuration dialog during issuance is enabled, enable the Allow empty containers checkbox to allow the smart card to be issued even if no PKCS12 file is imported during the issuance flow.
Enable the Verify User and Issuer DN checkbox if the subject and issuer DN of the certificate in the configured PKCS#12 file need to be verified against the selected user DN and the issuer DN configured in the CA connection template. This option is available if the Fail issuance if one P12 was not found or is not valid checkbox is enabled.
Enable the Fail issuance if one P12 was not found or is not valid checkbox if issuance should fail when the configured PKCS#12 file is not found, the user DN and issuer DN verification fails, or the password provided for the PKCS#12 file is not valid.
8. Save the template and close.
9. From the Lifecycle page issue the smart card as normal.
10. If the option Show configuration dialog during issuance was selected in step 7, then at the Import PKCS12 Files dialog select the container that the PKCS12 file will be imported into. The Status column shows which containers have been assigned; a container shows Empty until a PKCS12 file is assigned to it. Additionally, the role DN for the container will already be assigned based on the selected user DN of the user to whom the smart card is to be issued. The details of the certificate template that the PKCS12 file will be connected to are also displayed. Select a container and click the Edit button to add the PKCS12 file that is to be imported. Once all containers are assigned, click the Ok button to complete the issuance.
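
The conditions tested by the Fail issuance if one P12 was not found or is not valid and Verify User and Issuer DN options in step 7 (file present, passphrase valid, subject and issuer DN as expected) can be checked on a PKCS#12 file before it is placed in the default location. The script below is an added example, not part of the vSEC:CMS or its documentation; it assumes the OpenSSL command-line tool is installed, and the function names, return codes and sample DNs are constructed for illustration. DNs are compared as exact RFC 2253 strings.

```shell
#!/bin/sh
# Pre-flight check of a PKCS#12 file before it is offered for issuance.
# Added example: return codes and function names are constructed here.
#   0 = ok                       1 = file not found
#   2 = passphrase/file invalid  3 = issuer DN mismatch
#   4 = subject (user) DN mismatch

# Print one DN of the PEM certificate on stdin in RFC 2253 form.
# $1 is -subject or -issuer; the sed strips the "subject=" / "issuer=" label.
dn_of() {
    openssl x509 -noout "$1" -nameopt RFC2253 | sed -e 's/^[a-z]*= *//'
}

# check_p12 FILE EXPECTED_ISSUER_DN EXPECTED_USER_DN
# The passphrase is taken from the exported variable P12_PASS (env:), so it
# never appears on a command line or in the process list.
check_p12() {
    [ -f "$1" ] || return 1
    cert=$(openssl pkcs12 -in "$1" -nokeys -clcerts \
               -passin env:P12_PASS 2>/dev/null) || return 2
    [ -n "$cert" ] || return 2
    [ "$(printf '%s\n' "$cert" | dn_of -issuer)" = "$2" ] || return 3
    [ "$(printf '%s\n' "$cert" | dn_of -subject)" = "$3" ] || return 4
    return 0
}

# Build a constructed, self-signed sample ($1/alice.p12) for offline testing.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Alice Test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/alice.p12" -passout env:P12_PASS 2>/dev/null
}

# Demo: sh preflight.sh demo
if [ "${1:-}" = demo ]; then
    export P12_PASS='constructed-sample-passphrase'
    d=$(mktemp -d) && make_sample_p12 "$d"
    check_p12 "$d/alice.p12" "CN=Alice Test,O=Example" "CN=Alice Test,O=Example"
    echo "check_p12 returned $?"
    rm -rf "$d"
fi
```

Export P12_PASS before calling check_p12 on real files, and pass the expected DNs in the same RFC 2253 order that OpenSSL prints them (most specific attribute first).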