McAfee MEJCAE-AM-DA Product Guide - Page 56
Retrieve your certificate and add it to your key pair
View all McAfee MEJCAE-AM-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 56 highlights
Working with X.509 Certificates Getting an X.509 certificate from a CA 1 Enter the following on the command line: ebs --cert-request [--cert-attribute ] 2 Enter the passphrase for your key pair. The certificate request is sent to the CA server. The server authenticates itself to your computer and accepts your request. In a corporate setting, your company's administrator verifies your information in the request. The identifying information and public key are assembled and then digitally signed with the CA's own certificate to create your new certificate. The administrator sends you an email message stating that your certificate is ready for retrieval. Retrieve your certificate and add it to your key pair Use the --cert-retrieve option to get your certificate from the CA and automatically add it to your key pair. To retrieve your certificate: 1 Enter the following on the command line: ebs --cert-retrieve E-Business Server contacts the CA server and automatically retrieves your new X.509 certificate and adds it to your key. You can verify that the certificate has been added by using the --sig-details option. Manually requesting and adding an X.509 certificate to your key The process for manually requesting and adding an X.509 certificate to your key is similar to the automated process. The difference being that the certificate you request must be in PKCS #10 format, and when the certificate is ready for retrieval, you manually copy and import the key block into your key. There are four main steps to manually requesting and adding an X.509 certificate to your key pair: 1 Retrieve the Root CA certificate from the CA and add it to your keyring (see Retrieving and adding the Root CA certificate to your keyring on page 53). 2 Create a PKCS #10 formatted certificate request (see Creating a PKCS #10 certificate request on page 54). 3 Deliver your certificate request to the CA (see Sending your certificate request to the CA on page 55). 4 Manually retrieve the certificate issued by the CA and add the key block to your key (see Manually retrieve your certificate and add it to your key pair on page 55). Creating a PKCS #10 certificate request Use the --cert-request option with the --pkcs10 modifier to create a certificate-request file in PKCS #10 format. Optionally, you can add certificate attributes using the --cert-attribute modifier to your certificate request. For more information on how to specify a certificate attribute, see Specifying certificate attributes on page 51. Note: The Root CA key is not required for a PKCS #10 certificate request. To create a PKCS #10 certificate request: 1 Enter the following on the command line: ebs --cert-request --pkcs10 --output [--cert-attribute ] 2 Enter the passphrase for your key pair. E-Business Server™ 8.6 Product Guide 54