About the user PIN Configuration
Starting with version 4.30, Redtrust introduces the user PIN as an additional security layer to help prevent unauthorized certificate use. The user PIN is unique to a single user and can be used with one or more certificates.
In addition to the user PIN, Redtrust offers the option to add a certificate PIN, which serves a different purpose. The certificate PIN is linked to a specific certificate and can be shared among users.
Whenever possible, users should use their individual PIN to ensure better access control and reduce the risk of unauthorized use.
Where is it configured?
You can manage both PINs from:
- The system policies.
The following tables summarize how both configurations interact. This behavior is especially relevant for administrators when setting up certificates.
Behavior Logic Without Certificate PIN
Certificates without a certificate PIN will follow this logic, depending on the user PIN configuration:
Behavior Logic With Certificate PIN
Certificates with a configured certificate PIN will follow this logic, depending on the user PIN configuration:
Consideration When Uploading Certificates
When a certificate is uploaded to the personal area, the logic may vary depending on whether a certificate PIN was defined at that time. If a certificate PIN was set during the upload, the system will accept either of the two PINs (user or certificate). This is designed to prevent lockouts or errors and to improve the user experience.
Summary
The interaction between policy settings, certificates, and how the certificate is uploaded determines whether a PIN will be requested and which one. In general, the user PIN takes precedence unless you force the certificate configuration. If a certificate PIN is defined during upload to Redtrust, the system will accept either one to facilitate access.
For information on how to configure the user PIN, see How to set up and change the user PIN.