Installation Overview

Requirements

Time synchronization is required between the service provider and identity provider. If this is not possible for some isolated test case, this can be worked around by setting the service provider's server time slightly ahead of the identity provider, but this is under no circumstances a recommended practice, especially in a production environment.
For information about the Network Time Protocol, refer to following URLs.
- NTP: The Network Time Protocol
  http://www.ntp.org
- Windows Time Service Technical Reference
  https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/windows-time-service/windows-time-service

A root certificate for verifying the certificates the user
An optional HTTP or LDAP address for the CRL distribution point, or HTTP address to OCSP server

The Certificate Authentication Provider installation includes the complete PKI files and settings for the Finnish National Electronic ID card (HST).

Before proceeding with installation, the following configuration decisions must be made:

Decide the deployment URL for Certificate Authentication Provider. Later in this guide, the deployment URL is referred as the base URL. Example: https://example.com/certap
Decide the trusted certificate issuers and acquire their certificates in base64 encoded format. Resolve the CRL distribution point/OCSP server for each trusted issuer.
Decide which attributes are transmitted to Ubisecure Authentication Server in addition to the user's subject. Please refer to later this documentation for more information about the possible attribute values.