Configure RAEP functionality after client CA change
After replacing the client CA with a different one, RAEP functionality will be broken, since the calls to VeridiumID server will be performed using a friend certificate from the old client CA. In order to fix this, you must perform the following steps:
Obtain a new friend certificate from the VeridiumID server. For this, access the Veridium manager, then Settings->Certificates->Service Credentials and click on Create Custom Service Certificate:
Enter a Device ID, select AD as integration and click on Create:
Connect via Remote Desktop to the server where the RAEP resides. Copy also the previously created certificate to this server. Access Veridium RAEP Configuration utility - click on Start->VeridiumID → VeridiumID RAEP Config:
In General Settings, under Custom Service Certificate click on Import new:
Browse and select the certificate, type in the password, then click on Import:
Connect via Remote desktop to the client machine where you have the credential provider installed and open the local machine certificate store (certlm.msc).
Identify the machine certificate created from the OLD client ca. Its friendly name should be VeridiumID Device Certificate:
Delete this certificate, then restart the BopsLogon service. This should force the credential provider to obtain a new machine certificate from the new client CA.
Lock the machine and test the credential provider.