Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Contact Identiv to purchase the VCCS

  2. Obtain the installation file for the VCCS from Identiv, and copy it to your Velocity Server

  3. Locate the installation file (such as VelocityCertService_3.8.5.29), then right-click on it and choose the “Run as administrator” command from the pop-up menu

  4. While running the VCCS setup, a dialog appears displaying the ValidationSystemID as shown. Please make a note of this ID.

    Image RemovedImage Added

If your Velocity system is already running the previous certificate checking service provided by Identiv’s Professional Services Group, the installer will automatically upgrade your system to use the new Velocity Cert Check Service, and your existing configuration settings will be migrated from the config.xml file into the Velocity database.

...

  1. Right-click on the icon for Velocity’s Service Control Manager (in the Windows tray), and choose Settings.

  2. In the resulting Velocity Settings dialog:

    1. Click on the Velocity Cert Check Service entry in the left-hand pane.

      Image RemovedImage Added
    2. On the resulting Velocity Cert Check Service Settings page, click on the Configure button.

  3. On the General page of the resulting Velocity Cert Check Service Configuration dialog, copy the value in the System ID field to the Windows Clipboard, then paste it into an email message.
    For details about “Enforce FICAM Strict Compliance” checkbox, refer the Velocity help pages under Home -> FICAM Solution -> Configuring and Managing the Velocity Cert Check Service -> Velocity Cert Check Service Configuration dialog –> General page

    Image RemovedImage Added
  4. Right-click on the icon for Velocity’s Service Control Manager (in the Windows tray), and choose Velocity License Manager.

  5. On the resulting Velocity License Manager window, copy the value of the Velocity Server ID field (on the top line) to the Windows Clipboard, then paste it into the email message.

  6. Compose your email message so that:

    1. It is addressed to vlas@identiv.com

    2. It has a Subject such as “License Request for Velocity Cert Check Service

    3. The Body includes both the System ID value and the Server ID values

  7. Send the email message

...

Use the `GenerateTemporaryValidationKey.exe` tool found located in the VCCS install directory to generate a temporary Validation Engine license key. This temporary key can populate populates the VLAS license, enabling 30-day use.

The temporary key allows the user to provide Identiv with the necessary information to issue a permanent VLAS license containing the Validation Key parameter. This ensures that the user can use VCCS for 30-days while waiting for the HID to process the permanent license.

...

  1. Click on the menu button in the upper left corner of Velocity’s main window.

  2. Click on the Preferences button at the bottom of the drop-down menu.

  3. On the General tab of the resulting Velocity Preferences dialog, check the Enable the FICAM Mode checkbox.

    For more details about FICAM Degraded Mode Timeout, refer the Velocity help pages under Home -> FICAM Solution -> Enabling FICAM Mode and Specifying the FICAM Degraded Mode Timeout setting.

    Image RemovedImage Added
  4. Restart the Velocity client and all Velocity Services for the configuration to apply.

...

  1. From the Enrollment Manager’s menu bar, choose the Tools > User Defined Fields… command.

  2. On the User Defined Fields page of the resulting User Defined Setup dialog, create the user-defined fields needed for the data of a PIV card, with the Caption and Type specified.

    Image RemovedImage Added

    Image RemovedImage Added

  3. When you are finished creating the user-defined fields, click the OK button.

  4. From the Enrollment Manager’s menu bar, choose the Tools > Preferences command.

  5. On the General page of the resulting Preferences dialog, click on the drop-down list in the UDF Name Parsing section and select the user-defined field you created earlier for the Full Name, then click the OK button.  (This text data will be parsed into separate First Name, Middle Name, and Last Name fields.)

    Image RemovedImage Added
  6. Click the OK button on the message dialog informing you that these changes will not take effect until after the Enrollment Manager has been restarted, then close and reopen the Enrollment Manager.

...

  1. In Velocity’s main window, expand the System Tree (in the left pane of the Administration module) to display the Velocity Configuration > Credential Templates folder, and click on that folder.

  2. In the right pane of the Administration module, double-click the Add New Template item.

  3. In the New Credential Template Properties dialog, specify the appropriate values on the General page.

    Image RemovedImage Added
    1. In the Description field, type a unique descriptive name for this new credential template

    2. From the Badge Template drop-down list, select (None) because you will not be creating new printed badges

    3. From the IDF drop-down list, select an entry that includes Card

    4. From the card Type drop-down list, select 200-bit FASCN

    5. Click on the UDF… button (on the right of the Data field)

      Image RemovedImage Added
  4. On the Concatenate FASCN UDFs dialog, select the corresponding numeric UDF (previously defined in Creating the User-Defined Fields for a PIV Card) from each drop-down list, then click OK.

  5. For creating a credential template for PIV-I smart cards, follow steps 1 till 3. In the Concatenate FASCN UDFs dialog, for UDF field selection on Agency Code, select 'UUID' from the drop-down for PIV-I card.
    Unlike the PIV cards, the PIV-I cards accept only one UUID value.

    Image RemovedImage Added

Setting up the Door Properties

...

  1. Select the appropriate Custom Card Codes from the drop-down to remap the data. Only those card data maps previously defined for this system appear in this drop-down list.

  2. For FICAM, select Hex Pass-Through (NP) option in MATCH Algorithm (any bits).

  3. Check Enable Keypad only if the reader includes a keypad for entering PIN codes.

  4. For FICAM, select PIV-I/PIV-C, 32 Hex Digit UUID option in Fixed bit length cards.

  5. For FICAM, select either 200 bits in, 32 digits out or 128 bits in, 32 digits out in PIV Card (FASCN handling).

  6. Click OK. The Reader configurations gets downloaded to the controller.

  7. Reopen the Door Properties window.

  8. If secure OSDP reader type is used, then Goto Entry Reader->Card Reader Setup tab and click the Initiate Secure OSDP Connection button as shown.

    Image RemovedImage Added
  9. The reader restarts and comes back online. Click OK.
    The reader firmware version is available in the General tab.

...

  1. Open the Microsoft Management Console (MMC) by clicking Start->Run-> type mmc and hit [Enter].

  2. In the Console window, choose File-> Add/Remove Snap-in..

  3. Under Available snap-ins, select Certificates and click Add then click OK.

    Image RemovedImage Added
  4. Select Computer Account and click Next.

    Image RemovedImage Added
  5. Click Local computer: (the computer this console is running on) and Finish.

    Image RemovedImage Added
  6. On the resulting Console window, select Certificates (Local Computer)-> Certificates-> More Actions-> All Tasks-> Import..

    Image RemovedImage Added
  7. In the Certificate Import Wizard window, click Next to continue to import the certificate.

    Image RemovedImage Added
  8. Select Browse to import the certificate and click Next.

    Image RemovedImage Added
  9. After choosing the Security type files. Click Next to proceed to Completing the Certificate Import Wizard window and click Finish as shown.

    Image RemovedImage Added
  10. The successful certificate import wizard window appears. Click OK to close the wizard.

    Image RemovedImage Added

For detailed instructions on how to configure the Windows system to trust the Federal Common Policy CA G2 (FCPCA G2) certificate, refer How to configure Windows System to trust the FCPCA G2 Certificate.

...

  1. From the Enrollment Manager’s menu bar, choose the Tools > Device Configuration… command.

    Image RemovedImage Added
  2. On the Device Configuration dialog, select PIV Reader tab.

    Image RemovedImage Added
    1. Make sure that the Enable PIV reader(s) option is checked.

    2. Make sure that the Default Card Type is set to FIPS 201 Contact.

    3. Click the Map UDF Fields… button.

      Image RemovedImage Added
  3. On the Map UDF Fields window:

    1. Select the Auto Map button to automatically map between like-named data objects on a PIV card and the corresponding user-defined fields that you created earlier in the UDF setup dialog previous.

      Image RemovedImage Added
    2. To manually map fields, click on an entry in the Document Field list, and drag it onto the corresponding entry in the UDF Field list.

      Image RemovedImage Added
    3. After you have finished specifying all of the mappings, click the Apply button, and then click the Close button.

  4. Back on the Device Configuration dialog, click the OK button.

  5. Click the OK button on the message dialog informing you that these changes will not take effect until after the Enrollment Manager has been restarted, then close and reopen the Enrollment Manager.

...

  1. Insert a PIV card into the Smart Card Reader.

  2. In the Enrollment Manager, click on the Add Person item in the left pane.

    Image RemovedImage Added
  3. At the bottom of the Personal Information pane on the right, click the Scan button.

  4. On the PIV Reader page of the resulting Verify Scanner Data dialog, verify that the Type is set to FIPS 201 Contact, and then click the Read Card button.

  5. On the resulting Card PIN dialog, type the PIN for this card and then click OK.

    Image RemovedImage Added
  6. After the card’s data has been read, click the Validate Certificates button.

    Image RemovedImage Added
  7. You may optionally click the View buttons to view the security certificates.

  8. Click the Accept button to close the Verify Scanner Data dialog.

  9. Back in the Enrollment Manager, click the Apply button (in the lower right corner of the Personal Information pane).

  10. Click on the Add New Credential from Template item, choose an appropriate credential template from the resulting Select Credential Template dialog, and click OK.

  11. In the resulting credential properties dialog, verify that the FASCN field is populated, and click OK.

  12. Download this new credential to your controllers.

  13. Remove the PIV card from your enrollment reader, and test the card at an appropriate door reader, to verify that everything is working properly.