Set-up Emergency Use Admin Accounts
ADSS Server supports standard TLS client authentication of users, with the certificate and private key held on a smartcard, a USB token or in a software file. It is recommended to use the ADSS internal CA module to create admin PFX files for TLS client login for emergency use. There should be an emergency admin account registered with this emergency PFX. The PFX file can be held in software on a standard memory stick; alternatively it can be imported into a crypto USB token or a smart card. ADSS Server Key Manager can also generate keys directly within these tokens.
The emergency token should be stored in a secure location and have appropriate usage procedures defined. Multiple emergency PFXs can be created and stored in the same way. It is recommended that the emergency use administrator certificate is created with a relatively long validity period, and that its expiry date is noted and monitored for renewal. If all the normal user certificates on the production system become invalid for any reason, this emergency token will still work and can be used to set up new normal user certificates on the production system. Adding new user accounts and certificates is described here, and generating new keys and certificates on software and smart cards is explained here.
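Added example, not from the ADSS Server documentation or product: a POSIX shell check, using OpenSSL, that a software-held emergency PFX still carries the TLS client authentication usage and will not expire within a chosen number of days, so its expiry can be monitored for renewal as recommended above. The PFX path and password are placeholders.

```shell
#!/bin/sh
# Added example (not ADSS Server code). Checks an emergency admin PFX before it
# is relied upon. Assumes the PFX was exported from the ADSS internal CA as a
# TLS client-auth certificate; path and password below are hypothetical.

# Print the client certificate held in the PFX as PEM. $1 = PFX path, $2 = password
pfx_cert() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null
}

# Return 0 if the certificate stays valid for at least $3 more days, 1 otherwise
pfx_valid_for_days() {
    _secs=$(( $3 * 86400 ))
    pfx_cert "$1" "$2" | openssl x509 -noout -checkend "$_secs" >/dev/null
}

# Return 0 if the certificate carries the TLS Web Client Authentication EKU
pfx_is_client_auth() {
    pfx_cert "$1" "$2" | openssl x509 -noout -text | grep -q "TLS Web Client Authentication"
}

# Print the notAfter date so it can be recorded in the usage procedure
pfx_expiry() {
    pfx_cert "$1" "$2" | openssl x509 -noout -enddate | sed 's/^notAfter=//'
}

# Combined check: $1 = PFX path, $2 = password, $3 = warning threshold in days
# Exit status: 0 = OK, 1 = not a client-auth certificate, 2 = renewal needed
check_emergency_pfx() {
    if ! pfx_is_client_auth "$1" "$2"; then
        echo "ERROR: $1 is not a TLS client authentication certificate"; return 1
    fi
    if ! pfx_valid_for_days "$1" "$2" "$3"; then
        echo "WARNING: $1 expires within $3 days (notAfter=$(pfx_expiry "$1" "$2")); renew it"; return 2
    fi
    echo "OK: $1 valid for more than $3 days (notAfter=$(pfx_expiry "$1" "$2"))"
}

# Example invocation with placeholder values (e.g. from a scheduled job):
# check_emergency_pfx /secure/emergency-admin.pfx 'PFX-PASSWORD' 90
```

Run it from a scheduled job against the stored emergency PFX and treat exit status 2 as the trigger to renew the certificate well before the normal admin certificates could be affected.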
See also
Generating a new User Certificate
Creating User Accounts & Enabling Dual Control