The following issues apply to method configuration:
If a valid license key is not entered by using iManager, NESCM stops functioning after the 90-day trial period has expired. Enter a valid license key to enable the method. For information about how to enable NESCM, see Section 3.8, Activating NESCM.
If NESCM fails with an Invalid Certificate or Certificate Validation Failed message, the method was unable to validate the certificate sent by the workstation. Check the following items:
The certificate on the smart card is not expired or has not been revoked by the issuing Certificate Authority.
NESCM is properly configured with a trusted root container that contains a valid trusted root certificate. For information about configuring the trusted root container, see Section 3.1, Configuring Trusted Root Certificates.
Certificate revocation checking is properly configured. For more information, see Section 3.2, Configuring Certificate Revocation Checking.
Certificate Revocation List (CRL) and On-Line Certificate Status Protocol (OCSP) revocation checking requires connectivity to the CRL Distribution Point or OCSP Responder. If the information is unavailable, the validation process fails.
When using OCSP validation, the OCSP response is signed by the responder's certificate. For the response to be considered valid, the responder's certificate must be trusted. Place the OCSP responder's trusted root certificate in the trusted root container to identify it as trusted.