Show Table of Contents
5.15. Using Different Applets for Different SCP Versions
In Certificate System, the following parameter in the
/var/lib/instance_name/tps/conf/CS.cfg file specifies which applet should be loaded for all Secure Channel Protocol (SCP) versions for each token operation:
op.operation.token_type.update.applet.requiredVersion=version
However, you can also set individual applets for specific SCP versions, by adding the following parameter:
op.operation.token_type.update.applet.requiredVersion.prot.protocol_version=version
Certificate System supports setting individual protocol versions for the following operations:
formatenrollpinReset
Example 5.3. Setting Protocol Versions for Enrollment Operations
To configure a specific applet for SCP03 and a different applet for all other protocols when performing enrollment operations for the
userKey token:
- Edit the
/var/lib/instance_name/tps/conf/CS.cfgfile:- Set the
op.enroll.userKey.update.applet.requiredVersionparameter to specify the applet used by default. For example:op.enroll.userKey.update.applet.requiredVersion=1.4.58768072
- Set the
op.enroll.userKey.update.applet.requiredVersion.prot.3parameter to configure the applet Certificate System uses for the SCP03 protocol. For example:op.enroll.userKey.update.applet.requiredVersion.prot.3=1.5.558cdcff
- Restart Certificate System:
systemctl restart pki-tomcatd@instance_name.service
For details about enabling SCP03 for Giesecke & Devrient (G&D) Smart Cafe 6 smart cards in a TKS, see Section 5.12, “Setting Up New Key Sets”.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.