Infineon Security Platform Solution - Certificate Viewer and Certificate Selection |
Infineon Security Platform Certificate Viewer and Certificate Selection
Infineon Security Platform Certificate Viewer and Certificate Selection are used to manage certificates.
Differences to Microsoft Management Console Certificates Snap-In
In contrast to the Microsoft Management Console Certificates Snap-In, you can link certificates to the Security Platform with Security Platform Certificate Viewer and Certificate Selection:
- You can protect private keys by the Trusted Platform Module.
- You can select certificates to be used for file and folder encryption with Encrypting File System (EFS) and Personal Secure Drive (PSD).
Differences between Certificate Viewer and Certificate Selection
Certificate Viewer and Certificate Selection share some common certificate management functionality, e.g. displaying a list of certificates, viewing certificate and private key details and importing PKCS #12 certificates into the Security Platform.
Differences between Certificate Viewer and Certificate Selection are:
Certificate Viewer: The Certificate Viewer is a special certificate management tool for the Security Platform Solution. For example, you can protect private keys by the Trusted Platform Module.
Certificate Selection: The purpose of Certificate Selection is to select a certificate for file and folder encryption with EFS or PSD. You can also create a self-signed certificate or request a certificate from a Certification Authority (CA).
How to enroll and select certificates
Enroll and select EFS certificates via Certificate Selection:
- With Request... you can request a certificate from an external Certification Authority (CA).
- With Create you can either request a certificate from a CA within your domain, or create a self-signed certificate.
- With Select you can select the certificate to be used for EFS or PSD.
Note that both Request... and Create depend on the policy EFS certificate type and enrollment.
Note that EFS certificates are not only used for EFS, but also for PSD.
Enroll certificates for any usage via User Initialization Wizard's page Request a certificate.
This depends on the policy URL to start from wizard for certificate enrollment.
More details on certificate enrollment
Dialog Elements
Common Dialog Elements | Explanation |
Show certificates with intended purpose | Select the intended purpose here to filter the certificate list. For example, you can display only secure e-mail certificates, or you can display all certificates. In Certificate Selection, this selection is set to Encrypting File System and disabled. Note that this setting is used both for EFS and for PSD. |
Certificates list | This list displays the certificates on your PC which meet the criteria you have set (e.g.
intended purpose).
This symbol is used for certificates whose private keys are accessible. In Certificate Selection, the currently used EFS or PSD certificate is displayed in bold. |
View... | Click here to display details of the selected certificate. |
Import... | Click here to import a PKCS #12 certificate. The Security Platform PKCS #12 Import Wizard will
be started. The certificate's private key will be protected by the Trusted Platform Module. This button is only enabled, if the policy Allow Key Import for User allows. |
Private Key | If you have selected a certificate containing a private key, the key properties are displayed here. |
Additional Dialog Elements in Certificate Viewer | Explanation |
Show certificates from other providers | Check this checkbox to display not only certificates from the Infineon TPM Cryptographic Provider, but also from other providers. |
Show PKCS #11 private certificates also | If you check this checkbox, you will have to authenticate to the Security Platform when the Certificate Viewer accesses a PKCS #11 private certificate. |
Protect | Click here to protect the selected certificate's private key by the Trusted Platform Module. Note that protecting your private key cannot be undone. If you want to be able to restore an unprotected version, then export the certificate via the Microsoft certificates window first. |
Delete | Click here to delete the selected certificate and its private key from your PC. This button is only enabled, if the selected certificate is not used for EFS or PSD, but its private key is protected by the Trusted Platform Module. Please check whether the certificate is still in use. You will not be able to use it any more. |
Close | Click here to close Certificate Viewer. |
Additional Dialog Elements in Certificate Selection | Explanation |
Request... | Click here to request a certificate from a Certification Authority (CA). A certification request dialog will be displayed. Follow the on screen directions to complete the certificate request process. Then, close the certificate request window by clicking on the Close button in the window title bar. This button is disabled, if no certificate request web address is set in the policy setting EFS certificate type and enrollment. |
Create | Click here to obtain a domain certificate or create a self-signed certificate. The Security Platform Solution software will try to obtain a certificate from a Microsoft Certification Authority (CA) within your domain. If no domain CA is available, then a self-signed certificate will be created. Notes:
|
Select | Click here to use the certificate selected in the window's certificate list for EFS and PSD. Certificate Selection will be closed, returning to the Encryption Certificate page in User Initialization Wizard. |
Cancel | Click here to close Certificate Selection and return to the Encryption Certificate page in User Initialization Wizard without changing the EFS or PSD certificate. |
Application Startup
Certificate Viewer: Start the Security Platform Certificate Viewer via the Settings Tool (Settings Tool - User Settings - Manage...).
Certificate Selection: To start Security Platform Certificate Selection, click Select... when configuring file and folder encryption with EFS or PSD (User Initialization Wizard - Encryption Certificate)
©Infineon Technologies AG