Once you have created your token service Service Account, complete the following steps to obtain your PKI Certificate:
Go to IdMax/NAMS https://idmax.nasa.gov
Select "Manage PKI Certificates for Devices" under the Credentials quick link section.
The following screen will display the SSL, Code Signing, IPSec, and Custom certificates that you are managing.
Click the “+ Add Certificate” button on the right side of the PKI Certificates frame.
The Create new PKI Certificate window will appear. Select the Authority - “NICA” and select the Certificate Type – “Service Account."
The Search Certificates box will appear, enter the AUID of the Service Account that you were granted for your provider.
Acknowledge the NASA Subscriber Agreement. Check this box and then click the “Create New Certificate” button at the bottom.
The Create new PKI Certificate window will close and you will be returned to the original screen with the new Service Account name shown in the list of managed certificates. You can now optionally i) add additional emails for notification, ii) add Backup Owners – this allows another user to manage this certificate without having to transfer ownership and iii) to change the provider associated with this certificate request, if you want.
Under “Special Instructions” specify that this request is for an “NDC Service Account Certificate to be use for Client Authentication with the Siteminder Token Service”. Also include the full UPN of the service account, ex. agserviceaccount@ndc.nasa.gov.
Once you have added all the additional attributes to this certificate request, click the “Submit Request” button at the bottom to submit your request.
- Submit a request for a new PKI Certificate
Please send an email to arc-dl-pki-support@mail.nasa.gov with the NAMS Modify identifier included in the email. Please specify that this is for a New Service Account NICA certificate.
- You will receive your certificate and key via encrypted email.
Overview
Content Tools