Installation Guide

Installation

Xerox® Smart Card

Installation Guide

If your site does not register the DC with OCSP:

a. Uncheck all three Domain

Controller OCSP Certificate

Validation boxes and add the

required Domain Controller.

b. Select Save. Go back and add

other Domain Controllers as

required.

If you wish to validate the DC against

OCSP before validation of the user:

a. Check the box for Validate

before CAC/PIV Authentication.

b. Enter the OCSP Server Service URL details.

Note: Depending on your environment, these details may be case sensitive.

If you wish to validate the DC against OCSP after validation of the user:

a. Check the box for Validate after CAC/PIV User Authentication.

b. Enter the OCSP Server Service URL details.

c. If you wish to validate the DC certificate retrieved as part of the user authentication process

against the one stored during installation, check the box for Domain Controller Signature

must match uploaded Domain Controller Certificate.

6. Enter the Domain Controller details for the authentication server.

a. Determine how many Domain

Controllers used in your

environment need to be

accessed from the particular

device.

b. Identify the order the Domain

Controllers should be

interrogated when users present

their card for authentication. The

Domain Controller which services

most of your users should be first

followed by less popular Domain Controllers.

c. Enter the controllers in the preferred search order.

Note: The search order can be modified at a later date.

d. Select Add.

e. Ensure the Domain Controller

Type is configured correctly for

your authentication

environment.

f. Enter the IP Address or enter the

Domain Controller Host Name

(this must be the fully qualified

Host Name).