Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

PreviousNextUp[Front page] [Index]

Cross-Certification

When two independent CA hierarchies need to be connected or a sub-CA needs to be created, cross-certification is involved. In the case of independent PKI domains, two CAs may both issue CA certificates for each other. In the case of sub-CA creation, only one certificate is issued.

Sending Cross-Certificate Request

Click the Cross-Certification option in the System Configuration menu to open the Send Cross-Certificate Request page.


gui-sendcrosscertificaterequest-47.gif
Figure : Searching for certificate requests

Type in some search criteria and click the Search button to see the list of certificate requests generated with SSH Tectia Certifier. Choose the correct certification request from the drop-down menu and click the Commit button.

A cross-certificate request can be generated by clicking the Re-issue button on the CA certificate page. This operation will create a in the database a request that can be used in cross-certification.

If CMP is used for cross-certification, External Enrollment Client Service needs to be selected in the Enroll Client Service list and the enrollment URL given in the corresponding field. In the case of CMP, a list of available remote Certifier CAs can be queried by using Refresh button. Also the reference number and key need to be filled in. These should be provided by the issuing CA operator. Click the Proceed button to initiate the CMP cross-certification.


gui-sendcrosscertificaterequest2-48.gif
Figure : Sending the cross-certificate request

If you want to use manual cross-certification, click the View PKCS10 Request button to view the certificate request. When performing manual cross-certification, the request needs to be copied and pasted to a file and then sent to the CA.


PreviousNextUp[Front page] [Index]

===AUTO_SCHEMA_MARKUP===