Versions Compared

Old Version 6

changes.mady.by.user Josefin Klang

Saved on

compared with

New Version 7

changes.mady.by.user Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
This article is valid for Certificate Manager 8.4 and later.

This article describes how to import a cross certificate request from an external Certificate Authority (CA), outside Smart ID Certificate Manager (CM), create the signing CA certificate and export that CA certificate to be returned to the originating CA. This task is done in the Administrator's workbench (AWB) in Certificate Manager (AWB).

Expand
titlePrerequisites

The following prerequisites apply:

  • Two administration officers must sign the request.
  • Both officers must have the following roles:
    • Use AWB
    • CA and Key tasks
  • A connection to the CM host must have been established (see Connect to a Certificate Manager host).
  • The required parameters for the cross certification must be known and have been agreed upon.

...

titleImport a cross certificate request from an external CA

...

Clicking Save at any time during the creation of the CA, before clicking OK, will save the data and place the incomplete CA in the CA Hierarchy..

To complete the CA creation at a later stage:

...

To customize the certificate attributes in the Modify dialog, see the "Set certificate attributes" section in Create CA in Certificate Manager.

Note

When customizing the certificate attributes display, selecting Auto add data fields in the Fields Chooser will override any settings and present all available certificate fields that contain data.

  1. In AWB, select Cross > Import Request.

  2. In the Select File Containing Request dialog, select the relevant request file and click Open.

  3. In the Modify Requested Cross Certificate dialog, enter the CA name that should appear in the CA Hierarchy in the explorer bar. This field is mandatory.

  4. If required, modify State, Domain and Visibility in subdomain.

  5. To modify the CA Valid from and Expiration date fields, highlight in turn the days, hours, and minutes and adjust using the up and down arrows. The individual units of date and time may also be entered manually.

  6. Click the Issuing CA browse button to open the Select CA window.

  7. Click on the required CA to highlight it and click OK. The selected CA appears in the Issuing CA field. This field is mandatory.

...

titleCreate the signing CA certificate

...

To select the CA usage, check Certificate signing and/or CRL signing. Selection of at least one option is mandatory.

...

Click on the required format to highlight it and click OK. The selected certificate format appears in the Format field. This field is mandatory.

The format must accept the authorityKeyId from the request. This is done by the subordinate-ca-cert format. If any other format is chosen, ensure that the format is suitable. This field is mandatory.

...

Click OK. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.

Expand
titleExport the CA certificate to be returned to the originating CA

  1. Highlight the CA created above and select Cross > Export Certificate.

  2. Select the required file format, Binary or Base64, from the sub menu. Use Base64 if the certificate is to be sent to the external CA by email. The Select File for writing Certificate browser window is displayed.

  3. Enter the name of the file to be used for the certificate and select its required location.

  4. Click Save.
  5. The file containing the certificate is now forwarded to the external CA.

Related information