Versions Compared

Old Version 1

changes.mady.by.user Karolin Hemmingsson

Saved on

compared with

New Version 2

changes.mady.by.user Ann Base

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor

An attribute certificate (AC) can either be issued together with the linked public key certificate (PKC) or issued after the PKC certificate has been issued. The first alternative requires the token procedure being used to specify that both a PKC and an AC should be issued simultaneously. This is described in Issue smart card certificate in Certificate Manager and Issue software token in Certificate Manager respectively.

This article describes how to issue an AC, linked to an existing PKC, in Nexus Certificate Manager (CM). This task is done in the Registration Authority (RA) in Certificate Manager (RA).

Prerequisites

Expand
titlePrerequisites

This task requires that:

  • The Registration Authority is running.
  • The issuing procedure to be used is known.
  • The officer has the following roles:
    • Issue attribute certificate
  • A smart card reader is available.

Step-by-step instruction

Expand
titleIssue attribute certificate
  1. In the RA application window, select the Attribute Certificate tab.

  2. Click Search to open the Select Certificate window to select the base certificate to which the new attribute certificate will be linked.

  3. Check Serial Number and Subject as required. Enter the search criteria in the relevant fields and click Search.

    1. The search results are displayed in the right-hand pane of the Select Certificate window.

    2. Details of a highlighted certificate can be displayed in the lower Details section of the right-hand pane.

    3. The Certificate ID is a decimal string that uniquely represents a certificate in a CM installation.

    4. The Certificate Serial Number must be entered as a hexadecimal string and is shown as a hexadecimal string.

  4. Select the appropriate base certificate and click OK.

  5. Click the button next to File for Media and specify a path and file name for the certificate to be stored. You need write access to the location where the attribute certificate is to be stored.

  6. Select procedure to be used when issuing the attribute certificate.

    Note

    Only token procedures with storage profile Attribute Certificate are listed in the procedure list.


  7. If necessary, click Fields Chooser and select the attributes to be stored in the AC. For more information, see Select fields in Registration Authority in Certificate Manager.

  8. Enter data in the input fields. As long as the PIN field is being disabled, the reason for that is displayed in the status bar at the bottom of the window.

    Note

    More information on how to enter Qualified Certificates (QC) statements is available in Qualified certificates.


  9. Enter your PIN code in Signature PIN.
  10. Click Submit to send the request to the CM host.


Related information