Infineon Security Platform Certificate Viewer and Certificate Selection

Infineon Security Platform Certificate Viewer and Certificate Selection are used to manage certificates.

Differences to Microsoft Management Console Certificates Snap-In

In contrast to the Microsoft Management Console Certificates Snap-In, you can link certificates to the Security Platform with Security Platform Certificate Viewer and Certificate Selection:

  • You can protect private keys by the Trusted Platform Module.
  • You can select certificates to be used for file and folder encryption with Encrypting File System (EFS) and Personal Secure Drive (PSD).

Differences between Certificate Viewer and Certificate Selection

Certificate Viewer and Certificate Selection share some common certificate management functionality, e.g. displaying a list of certificates, viewing certificate and private key details and importing PKCS #12 certificates into the Security Platform.

Differences between Certificate Viewer and Certificate Selection are:

Certificate Viewer: The Certificate Viewer is a special certificate management tool for the Security Platform Solution. For example, you can protect private keys by the Trusted Platform Module.

Certificate Selection: The purpose of Certificate Selection is to select a certificate for file and folder encryption with EFS or PSD. You can also create a self-signed certificate or request a certificate from a Certification Authority (CA).

How to enroll and select certificates

Enroll and select EFS certificates via Certificate Selection:

  • With Request... you can request a certificate from an external Certification Authority (CA).
  • With Create you can either request a certificate from a CA within your domain, or create a self-signed certificate.
  • With Select you can select the certificate to be used for EFS or PSD.

Note that both Request... and Create depend on the policy EFS certificate type and enrollment.
Note that EFS certificates are not only used for EFS, but also for PSD.

Enroll certificates for any usage via User Initialization Wizard's page Request a certificate.
This depends on the policy URL to start from wizard for certificate enrollment.

Dialog Elements

Common Dialog Elements

Show certificates with intended purpose: Select the intended purpose here to filter the certificate list. For example, you can display only secure e-mail certificates, or you can display all certificates.

In Certificate Selection, this selection is set to Encrypting File System and disabled. Note that this setting is used both for EFS and for PSD.

Certificates list: This list displays the certificates on your PC which meet the criteria you have set (e.g. intended purpose).

  • This symbol is used for certificates whose private keys are accessible.
  • This symbol is used for certificates whose private keys are no longer accessible.
  • This symbol is used if it is not known whether a certificate's private key is accessible, for example, if the private key is stored on a smart card. In this case, insert the smart card and select the certificate.
  • This symbol is used for certificates without a corresponding private key.

In Certificate Selection, the currently used EFS or PSD certificate is displayed in bold.

View...: Click here to display details of the selected certificate.

Import...: Click here to import a PKCS #12 certificate. The Security Platform PKCS #12 Import Wizard will be started. The certificate's private key will be protected by the Trusted Platform Module.

This button is only enabled if the policy Allow Key Import for User allows it.

Private Key: If you have selected a certificate containing a private key, the key properties are displayed here.

Additional Dialog Elements in Certificate Viewer

Show certificates from other providers: Check this checkbox to display not only certificates from the Infineon TPM Cryptographic Provider, but also certificates from other providers.

Show PKCS #11 private certificates also: If you check this checkbox, you will have to authenticate to the Security Platform when the Certificate Viewer accesses a PKCS #11 private certificate.

Protect: Click here to protect the selected certificate's private key by the Trusted Platform Module.

Note that protecting your private key cannot be undone. If you want to be able to restore an unprotected version, then export the certificate via the Microsoft certificates window first.

Delete: Click here to delete the selected certificate and its private key from your PC. This button is only enabled if the selected certificate is not used for EFS or PSD, but its private key is protected by the Trusted Platform Module.

Please check whether the certificate is still in use. After deletion, you will no longer be able to use it.

Close: Click here to close Certificate Viewer.

Additional Dialog Elements in Certificate Selection

Request...: Click here to request a certificate from a Certification Authority (CA). A certification request dialog will be displayed. Follow the on-screen directions to complete the certificate request process. Then, close the certificate request window by clicking on the Close button in the window title bar.

This button is disabled if no certificate request web address is set in the policy setting EFS certificate type and enrollment.

Create: Click here to obtain a domain certificate or create a self-signed certificate. The Security Platform Solution software will try to obtain a certificate from a Microsoft Certification Authority (CA) within your domain. If no domain CA is available, then a self-signed certificate will be created.

Notes:

  • Depending on domain CA settings, the requested certificate may not be obtained directly.
    Possible reasons: Manually operated CA, certificate delivery by mail.
    In this case, please consult your Certification Authority operator regarding the certificate availability.
  • Depending on the policy setting EFS certificate type and enrollment, you may not be allowed to create self-signed certificates.
    If no domain CA is available, and self-signed certificates are forbidden by policy, then you cannot obtain a certificate via Create.

Select: Click here to use the certificate selected in the window's certificate list for EFS and PSD. Certificate Selection will be closed, returning to the Encryption Certificate page in User Initialization Wizard.

Cancel: Click here to close Certificate Selection and return to the Encryption Certificate page in User Initialization Wizard without changing the EFS or PSD certificate.
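
To cross-check from a script what the certificate list shows, the following added example (not part of the Infineon documentation or software) lists the current user's certificates whose intended purposes include Encrypting File System, names the provider that holds each private key, and marks the certificate EFS currently uses. It assumes Windows PowerShell 5.1, keys held by a CAPI provider, and the provider name as quoted on this page; the registry location of the current EFS certificate hash is standard Windows and not specific to the Security Platform.

```powershell
# Added example, not Infineon code. Assumes Windows PowerShell 5.1 and CAPI-held keys.
$efsOid      = '1.3.6.1.4.1.311.10.3.4'               # EKU OID for Encrypting File System
$tpmProvider = 'Infineon TPM Cryptographic Provider'  # provider name as given on this page

# Thumbprint of the certificate EFS currently uses, stored as a binary registry value.
$efsKey  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'
$current = $null
$entry   = Get-ItemProperty -Path $efsKey -Name CertificateHash -ErrorAction SilentlyContinue
if ($entry) { $current = -join ($entry.CertificateHash | ForEach-Object { $_.ToString('X2') }) }

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    # Collect the enhanced key usage OIDs (the certificate's intended purposes).
    # Certificates without an EKU extension are skipped by this filter.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    if ($ekus -notcontains $efsOid) { return }

    $provider = '(no private key)'
    if ($cert.HasPrivateKey) {
        try {
            # CspKeyContainerInfo is available for CAPI keys only; a key that cannot
            # be opened (for example on a removed smart card) lands in the catch block.
            $provider = $cert.PrivateKey.CspKeyContainerInfo.ProviderName
            if (-not $provider) { $provider = '(unknown: not a CAPI key)' }
        } catch {
            $provider = '(unknown: key not accessible)'
        }
    }

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        Provider     = $provider
        TpmProtected = ($provider -eq $tpmProvider)
        CurrentEfs   = ($cert.Thumbprint -eq $current)
    }
} | Format-Table -AutoSize
```

A row with CurrentEfs set to True and TpmProtected set to False means the certificate in use for EFS or PSD has a private key that is not held by the TPM provider.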

Application Startup

Certificate Viewer: Start the Security Platform Certificate Viewer via the Settings Tool (Settings Tool - User Settings - Manage...).

Certificate Selection: To start Security Platform Certificate Selection, click Select... when configuring file and folder encryption with EFS or PSD (User Initialization Wizard - Encryption Certificate).


©Infineon Technologies AG