McAfee MEJCAE-AM-DA Product Guide - Page 52

7 Working with X.509 Certificates This chapter describes how to add, export, and create X.509 digital certificates, electronic documents used to prove identity and public key ownership over a communication network. To: Understand common X.509 options Add an X.509 certificate to your key Request and add an X.509 certificate from a CA Export an X.509 certificate from your key Issue X.509 certificates Update X.509 certificates on your keyring See: Common X.509 options on page 50 Adding an X.509 certificate to your key or keyring on page 52 Getting an X.509 certificate from a CA on page 52 Exporting an X.509 certificate from your key on page 55 Issuing X.509 certificates on page 56 Updating X.509 certificates on your keyring on page 58 Common X.509 options When requesting, exporting, or creating X.509 certificates, you may need to specify information such as the issuer's distinguished name, the issuer assigned serial number or certificate attributes. The following sections explain how to specify this information. Specifying a certificate with the issuer's name and serial number One key can contain several certificates, and the certificates can all be from the same issuer; therefore, in order to uniquely identify a certificate, you may need to specify two pieces of information: the issuer's distinguished name (DN) and the issuer assigned serial number on the certificate. This combination is always unique. Specify the issuer's DN using the --issuer-dn modifier. Specify the serial number assigned by the issuer using the --issuer-serial modifier. You can find the issuer's DN and the certificate's serial number using the --sig-detail option. ebs --sig-detail For example, if there's an X.509 certificate attached to a key belonging to Scott Tibson, key ID 0x196DE730, then you would enter the following to get more information about the certificate: ebs --sig-detail 0x196DE730 E-Business Server™ 8.6 Product Guide 50