Certificate Template Support for SafeNet CSPs

The current list of certificate templates in the CA do not make use of the SafeNet CSP. New templates must be created in the Certificate Templates store and then issued from the CA templates store. For example, a web server certificate template only supports the Microsoft DH and RSA providers.

In order to create new templates that support the SafeNet CSP, perform the following procedure. The procedure is basically the same for any certificate that you need to issue using the SafeNet CSPs.

To create a new template that supports the SafeNet CSP

Note that the use of the User template in this procedure is for example only. Substitute this for any other template to meet your particular requirements.

1.Start a new MMC session and add both the Certification Authority and Certificate Template snap-ins.

2.Expand the Certificate Templates object and locate the User template.

3.Right click on the User template and select Duplicate template. This will display the new template properties.

4.Enter a Template display name. Note that you cannot give it the same name as the template that already exists.

5.Go to the Request Handling tab and click on the CSP button. Either select Requests can use any CSP available on the subject’s computer or make sure that the SafeNet RSA providers are checked.

6.Check the Issuance Requirements and Security tabs to ensure that the appropriate permissions are correct. Click OK to complete.

7.Now go to the CA object and select Certificate Templates.

8.Right click New and select Certificate Template to Issue.

9.Locate the new template that was created in steps 1-6 and click OK. Close the MMC console session.

10.To test that the SafeNet provider is now available, open a new MMC console and choose the Certificates snap-in. Select My User Account when prompted. The Administrator’s personal certificate store is now available.

11.Right click on the personal object and select All Tasks, Request new certificate. The Certificate Request Wizard displays.

12.Click Next to reveal the certificate types available, select the new certificate and check the Advanced check box. Click Next.

13.On the CSP page that now displays, note that the SafeNet providers are now listed. Choose the RSA full provider and any other appropriate settings such as Key is Exportable, etc. Complete the process by clicking OK.

The certificate is generated and visible in the personal store.


Customer Support Portal

SafeNet ProtectToolkit 5.7 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.