...
...
This article is valid for Certificate Manager 8.4 and later.
This article describes how to import a cross certificate request from an external Certificate Authority (CA),
...
outside Smart ID Certificate Manager (CM), create the signing CA certificate and export that CA certificate to be returned to the originating CA. This task is done in the Administrator's workbench (AWB) in Certificate Manager
...
(AWB).
Prerequisites
Expand |
---|
|
The following prerequisites apply: - Two administration officers must sign the request.
- Both officers must have the following roles:
- A connection to the CM host must have been established (see Connect to a Certificate Manager host).
- The required parameters for the cross certification must be known and have been agreed upon.
|
Step-by-step instructions
Expand |
---|
title | Import a cross certificate request from an external CA |
---|
|
Note |
---|
Clicking Save at any time during the creation of the CA, before clicking OK, will save the data and place the incomplete CA in the CA Hierarchy.. To complete the CA creation at a later stage: |
In AWB, select Cross > Import Request. - In the Select File Containing Request dialog, select the relevant request file and click Open.
In the Modify Requested Cross Certificate dialog, enter the CA name that should appear in the CA Hierarchy in the explorer bar. This field is mandatory. - If required, modify State, Domain and Visibility in subdomain.
To modify the CA Valid from and Expiration date fields, highlight in turn the days, hours, and minutes and adjust using the up and down arrows. The individual units of date and time may also be entered manually. - Click the Issuing CA browse button to open the Select CA window.
Click on the required CA to highlight it and click OK. The selected CA appears in the Issuing CA field. This field is mandatory.
|
Expand |
---|
title | Create the signing CA certificate |
---|
|
To select the CA usage, check Certificate signing and/or CRL signing. Selection of at least one option is mandatory. - Select the required Signature algorithm from the drop-down list.
- Click the Format browse button to open the Select Certificate Format window.
Click on the required format to highlight it and click OK. The selected certificate format appears in the Format field. This field is mandatory. The format must accept the authorityKeyId from the request. This is done by the subordinate-ca-cert format. If any other format is chosen, ensure that the format is suitable. This field is mandatory. Insert excerpt |
---|
| Customize format in AWB |
---|
| Customize format in AWB |
---|
nopanel | true |
---|
|
Click OK. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.
|
Expand |
---|
title | Export the CA certificate to be returned to the originating CA |
---|
|
Highlight the CA created above and select Cross > Export Certificate. Select the required file format, Binary or Base64, from the sub menu. Use Base64 if the certificate is to be sent to the external CA by email. The Select File for writing Certificate browser window is displayed. Enter the name of the file to be used for the certificate and select its required location. - Click Save.
- The file containing the certificate is now forwarded to the external CA
|
...
Related information