Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Cross-Certification

When two independent CA hierarchies need to be connected or a sub-CA needs to be created, cross-certification is involved. In the case of independent PKI domains, two CAs may both issue CA certificates for each other. In the case of sub-CA creation, only one certificate is issued.

Sending Cross-Certificate Request

Click the Cross-Certification option in the System Configuration menu to open the Send Cross-Certificate Request page.


gui-sendcrosscertificaterequest-47.gif
Figure : Searching for certificate requests

Type in some search criteria and click the Search button to see the list of certificate requests generated with SSH Tectia Certifier. Choose the correct certification request from the drop-down menu and click the Commit button.

A cross-certificate request can be generated by clicking the Re-issue button on the CA certificate page. This operation will create a in the database a request that can be used in cross-certification.

If CMP is used for cross-certification, External Enrollment Client Service needs to be selected in the Enroll Client Service list and the enrollment URL given in the corresponding field. In the case of CMP, a list of available remote Certifier CAs can be queried by using Refresh button. Also the reference number and key need to be filled in. These should be provided by the issuing CA operator. Click the Proceed button to initiate the CMP cross-certification.


gui-sendcrosscertificaterequest2-48.gif
Figure : Sending the cross-certificate request

If you want to use manual cross-certification, click the View PKCS10 Request button to view the certificate request. When performing manual cross-certification, the request needs to be copied and pasted to a file and then sent to the CA.


PreviousNextUp[Front page] [Index]


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more