Integration with CipherTrust Manager
To integrate OpenPGP with the CipherTrust Manager, you need to configure SafeNet ProtectApp Cryptographic Service Provider with Microsoft Certificate Manager Tool. To do so:
Configure the CA to issue PGP User Certificate
This section describes how to create a certificate template and issuing properties for PGP user certificates. It contains the following steps:
Configuring the Certificate Templates
To configure the certificate template:
Log on to the system as a domain administrator.
From the Start menu, select Run.
In the Run dialog, type mmc and click OK.
In the mmc console that appears, select File > Add/Remove Snap-in.
In the Add or Remove Snap-Ins dialog box, find the Certificate Templates snap-in (under the Available snap-ins section) and select it.
Click Add, and then click OK.
Under Console Root, expand the Certificate Templates snap-in.
All the available certificate templates are listed in the middle section.
Scroll down the list until you locate the User template, right-click and click Duplicate Template.
Select Windows Server 2003 Enterprise and click Apply.
In the pop-up dialog that appears, click the General tab.
Enter the Template Display Name, for example 'PGP Template' and select Publish Certificate in Active Directory.
Click the Cryptography tab.
Click on the CSPs and select Request can use any CSP available on subject's computer. Click Apply.
Click the Subject Name tab.
Clear the E-mail name in subject name and E-mail name check boxes.
Click the Security tab.
Add and provide the Read and Enroll permissions to:
Authenticated Users
Administrator
For Domain Admins and Enterprise Admins, make sure that Read, Write, and Enroll check boxes are selected.
Click Apply and then OK.
Configuring the CA to support the PGP Certificate Template
To configure the CA to support the PGP certificate template, perform the following steps:
Log on to the system as a domain administrator.
From the Start menu select Control Panel > Administrative Tools > Certification Authority.
In the console tree (left-hand section), expand the CA (it has a computer and a green tick next to it).
In the console tree of the Certification Authority snap-in, right-click Certificate Templates, and then click New Certificate Templates to Issue.
In the Enable Certificates Templates dialog box, select the PGP User template and any other certificate templates you configured previously, and then click OK.
Open Certificate Templates in the Certification Authority and verify that the modified certificate templates appear in the list.
Creating a Key and Requesting a Certificate
To create a key and request a certificate:
Log on to the system as a domain administrator.
From the Start menu, select Run.
In the Run dialog, type certmgr.msc and click OK.
In the mmc console that appears, right-click the Personal folder and select All Tasks > Request New Certificate.
Click Next.
Select Active Directory Enrollment Policy and then click Next. It will display the certificate template you have configured, i.e. PGP Template.
Click on Details > Properties.
In the Certificate Properties window, select the Subject tab.
Select Common Name under Subject Name and provide the fully qualified domain name for the computer on which you are installing the certificate in the Value field.
Click Add.
Repeat the same step to add more values.
Click the General tab and provide the user-friendly name. For example: PGP User Certificate.
Click the Private Key tab and select Signature as the key type. Also verify that SafenetProtectApp CSP Provider is selected under Cryptographic Service Provider.
Click the Certificate Authority tab and make sure that Enterprise Root CA is selected.
Click Apply and then OK.
Select PGP User certificate template or the certificate template you have configured, and click Enroll.
After successful enrollment, click Finish.
Make sure that the certificate is now available in the Personal > Certificate store.
Double-click the certificate and check that you have a private key that corresponds to this certificate.
The keys for this certificate are generated on the CipherTrust Manager.
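The final checks can also be scripted. The script below is an added example, not part of the vendor procedure: it reads the current user's Personal store (the store certmgr.msc opens) and reports whether the enrolled certificate has a private key, which CSP holds it, and whether it is a signature key. It assumes Windows PowerShell 5.1, the friendly name PGP User Certificate used above, and that the registered CSP name contains "ProtectApp"; set -ProviderPattern to the exact name shown on the Private Key tab.

```powershell
# Added example: read-only check of the enrolled certificate in the
# current user's Personal store (Cert:\CurrentUser\My).
# Assumptions: Windows PowerShell 5.1; friendly name from the procedure;
# the CSP's registered name contains "ProtectApp".
param(
    [string]$FriendlyName    = 'PGP User Certificate',
    [string]$ProviderPattern = '*ProtectApp*'
)

$certs = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.FriendlyName -eq $FriendlyName }

if (-not $certs) {
    Write-Warning "No certificate with friendly name '$FriendlyName' in the Personal store."
    return
}

foreach ($cert in $certs) {
    $provider = $null
    $keySpec  = $null
    if ($cert.HasPrivateKey) {
        try {
            # Opening the key handle loads the CSP that owns the key.
            $key = $cert.PrivateKey
            if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                $info     = $key.CspKeyContainerInfo
                $provider = $info.ProviderName
                $keySpec  = $info.KeyNumber   # Signature or Exchange
            }
        } catch {
            Write-Warning "Could not open the private key for $($cert.Thumbprint): $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        Provider      = $provider
        KeySpec       = $keySpec
        ProviderOk    = [bool]($provider -like $ProviderPattern)
        SignatureKey  = ("$keySpec" -eq 'Signature')
    }
}
```

A certificate enrolled as described should report HasPrivateKey, ProviderOk and SignatureKey as True. A ProviderOk of False with a different provider name means the key was created by a local CSP rather than on the CipherTrust Manager.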