|[Front page] [Index]|
When two independent CA hierarchies need to be connected or a sub-CA needs to be created, cross-certification is involved. In the case of independent PKI domains, two CAs may both issue CA certificates for each other. In the case of sub-CA creation, only one certificate is issued.
Click the Cross-Certification option in the System Configuration menu to open the Send Cross-Certificate Request page.
Type in some search criteria and click the Search button to see the list of certificate requests generated with SSH Tectia Certifier. Choose the correct certification request from the drop-down menu and click the Commit button.
A cross-certificate request can be generated by clicking the Re-issue button on the CA certificate page. This operation will create a in the database a request that can be used in cross-certification.
If CMP is used for cross-certification, External Enrollment Client Service needs to be selected in the Enroll Client Service list and the enrollment URL given in the corresponding field. In the case of CMP, a list of available remote Certifier CAs can be queried by using Refresh button. Also the reference number and key need to be filled in. These should be provided by the issuing CA operator. Click the Proceed button to initiate the CMP cross-certification.
If you want to use manual cross-certification, click the View PKCS10 Request button to view the certificate request. When performing manual cross-certification, the request needs to be copied and pasted to a file and then sent to the CA.