VeridiumAD RA/EP Server
This document outlines the prerequisites and installation steps for the VeridiumAD Registration Authority (RA) and Enrollment Proxy (EP) server components. These components are crucial for enabling passwordless authentication within a Windows domain environment.
Prerequisites
Before performing the steps in this guide, install the VeridiumID server by following the procedures in the VeridiumID Installation guide.
Before installing the VeridiumAD RA/EP server, ensure the following prerequisites are met:
Microsoft Enterprise Certification Authority (CA):
A Microsoft Enterprise CA must be installed and configured within your Active Directory (AD) domain.
The CA certificate must be trusted by domain computers and Domain Controllers.
CA Administrator and Domain Rights:
The user performing the installation must have CA administrator privileges to allow the Veridium RA to communicate with the CA.
Domain Enterprise rights are required to register new Certificate Templates in the CA.
Server Domain Membership:
The server where the Veridium RA component will be installed must be joined to the same domain where the Microsoft CA is installed.
The server where the Veridium EP component will be installed must be joined to the same domain where the client computers are joined.
In a single domain environment, both Veridium RA and Veridium EP can be installed on the same server.
If the Microsoft CA is in a different domain than the client computers, it is recommended to install Veridium RA and Veridium EP on separate servers, each joined to the corresponding domain.
Operating System:
Veridium RA and Veridium EP require Windows Server 2012 R2 or newer.
Internet Information Server (IIS):
Both servers require IIS to be installed.
SSL Certificate:
A valid SSL certificate must be bound for HTTPS communication on both the Veridium RA and Veridium EP servers.
The SSL certificate must meet the following requirements:
Subject Alternative Name (SAN): Must contain a SAN DNS Name with the Fully Qualified Domain Name (FQDN) of the server.
Public Key Length: 2048 bits.
Enhanced Key Usage: Must include Server Authentication.
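A candidate certificate can be checked against the three requirements above before it is bound in IIS. The following PowerShell is an added example, not part of the Veridium documentation or tooling; the function name Test-ServerTlsCertificate and its parameters are hypothetical, and it assumes the certificate is in the LocalMachine\My store and that the server's FQDN resolves from its own host name.

```powershell
# Added example: Test-ServerTlsCertificate is a hypothetical helper, not a Veridium tool.
function Test-ServerTlsCertificate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Assumption: the server's FQDN resolves from its own host name.
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
        # Value stated in the requirements list above.
        [int]$RequiredKeyBits = 2048
    )
    process {
        # SAN extension (OID 2.5.29.17). DnsNameList falls back to the Subject
        # when no SAN exists, so require the extension itself before trusting it.
        $hasSan = [bool]($Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' })
        $sanOk  = $hasSan -and ($Certificate.DnsNameList.Unicode -contains $Fqdn)

        # Public key size. PublicKey.Key throws for unsupported key types; report 0 then.
        $bits = 0
        try { $bits = $Certificate.PublicKey.Key.KeySize } catch { }

        # Enhanced Key Usage must list Server Authentication (1.3.6.1.5.5.7.3.1).
        # A certificate with no EKU extension fails, since the usage must be included.
        $eku = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuOk  = $usages -contains '1.3.6.1.5.5.7.3.1'

        $now = Get-Date
        [pscustomobject]@{
            Thumbprint    = $Certificate.Thumbprint
            SanHasFqdn    = $sanOk
            KeyBits       = $bits
            KeySizeOk     = ($bits -eq $RequiredKeyBits)
            ServerAuthEku = $ekuOk
            # "Valid" also means inside its validity period and usable by IIS.
            InValidity    = ($Certificate.NotBefore -le $now -and $now -le $Certificate.NotAfter)
            HasPrivateKey = $Certificate.HasPrivateKey
        }
    }
}

# Check every certificate in the local machine's personal store.
Get-ChildItem Cert:\LocalMachine\My | Test-ServerTlsCertificate | Format-Table -AutoSize
```

Run it on each RA and EP server; a certificate is a candidate for the HTTPS binding only when every Boolean column is True.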