Certificate Enrollment Wizard
The Certificate Enrollment wizard is used to enroll certificates which means requesting a certification authority (CA) to issue a certificate. Start the wizard by clicking the Enroll button on the Certificates page of the Settings dialog.
Using certificate enrollment wizard requires that the CA software supports Certificate Management Protocol version 2 (CMPv2).
Certificate Enrollment - Start
The first page of the Certificate Enrollment wizard displays information on the enrollment process. The enrollment process will create a key pair, consisting of a public and a private key.
Figure : The start of the enrollment process
Click Next to continue the process.
Certificate Enrollment - Identity
On the Identity page, enter the parameters of the certificate to be issued. You can suggest a Common Name (e.g. John Smith), Organization Unit (Marketing), Organization (SSH Communications Security), Country (USA) and E-mail Address (firstname.lastname@example.org).
Figure : Type the parameters of the certificate
The certification authority can change these fields before issuing the certificate. The certificate validity period and other parameters are determined by the configuration of the CA software.
Please note that certificate enrollment requiring manual acceptance in the CA software is not supported. You may be able to compensate for this with PKCS #12 file importing.
Click Next to launch the Key Generation wizard. For more information on the key generation process, see Section Key Generation Wizard.
Certificate Enrollment - Firewall
On the Proxy page, you can define the firewall and proxy settings. If your local setup does not require these to be defined, the fields can be left empty.
Figure : If firewall settings are not required, leave the fields empty
Click Next to continue.
Certificate Enrollment - CA
On the CA page, you can define the certification authority (CA) settings.
Figure : Defining the Certificate Authentication settings
On the CA page, fill in the following fields:
- CMP Service URL
Type in the address of the server that provides the Certificate Management Protocol (CMP) service.
Click Discover to attempt automatic detection of available certification authority services and CA certificates. The found CA services will be listed in the text field and can be selected from the drop-down menu.
Please note that not all systems support the automatic detection functionality.
- CA Certificate
This drop-down menu will show the CA certificates that were found on the selected CMP service. Select a CA certificate from the list.
Alternatively, you can directly type in the file name of the certificate, or select the file by clicking the button on the right-hand side of the file name field. The Select CA Certificate dialog opens, allowing you to locate the certificate file.
Click the View button to display the contents of the current certificate.
- Retrieve CA Certificates from CA URL
Select the desired CA URL from the drop-down list and click Retrieve CA Certificates from CA URL to retrieve the CA certificates from the selected CA address.
- Reference Number
Type in the reference number.
Type in the key information.
Click Next to continue.
Certificate Enrollment - Enrollment
The actual enrollment takes place on the Enrollment page. This may take some time, and the exact duration depends on the amount of network traffic among other factors.
When the process has finished, click Finish to continue.
[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.