McAfee MEJCAE-AM-DA Product Guide - Page 57
Working with X.509 Certificates

E-Business Server creates a PEM-encoded block of text representing your certificate request. Once you have created a PKCS #10 certificate request, you must send your request to the CA. For instructions, see Sending your certificate request to the CA on page 55.

Sending your certificate request to the CA

When manually requesting an X.509 certificate, you must deliver your certificate request to the Certificate Authority.

Copy your certificate request, the PEM-encoded block of text, and send it to your Certificate Authority. Typically, you can send this via email or copy it directly to the CA's web-site. This process varies between Certificate Authorities.

Manually retrieve your certificate and add it to your key pair

You need to manually copy the key block representing your new certificate and add it to your key pair.

To retrieve your certificate and add it to your key pair:

1 Go to the CA's web-site and copy the key block for your X.509 certificate and paste it into a file.

2 Add the X.509 certificate to your key by entering the following on the command line:

    ebs --key-add --x509

  Where is the name of the file where you copied the key block.

The X.509 digital certificate is added to the key you specified when you created the certificate request. You can verify that the certificate has been added by using the --sig-details option.

Exporting an X.509 certificate from your key

You can export (copy) an X.509 certificate associated with your key to a file. The certificate you want to export must be uniquely identified using the --issuer-dn and --issuer-serial modifiers on the command line. For more information on identifying the certificate you want to use, see Specifying a certificate with the issuer's name and serial number on page 50.

EBS supports exporting PEM, DER (PKCS #7) and PKCS #12 formatted certificates. By default, the key is exported in binary (DER) format. If you add the --armor modifier, PEM-encoded format is used instead. A .crt extension is added to the filename (both with and without --armor specified).

Include the --with-private modifier to include the private portion of the key pair you are exporting, so that you can use your key to certify your web browser to remote servers. Both the key pair and the certificate are exported in PKCS #12 format. E-Business Server uses a .pfx extension on the output filename making it easy to import the certificate into Internet Explorer.

Caution: The PKCS #12 certificate format encodes a decrypted version of a private key. We recommend using extreme caution when exporting or using PKCS #12 export format.

To export an X.509 certificate:

Use the following syntax:

    ebs --key-export --x509 [--with-private] [--issuer-dn [--issuer-serial ] [--output ]

For example:

    ebs --key-export "Cheri Walton" --x509 --with-private --issuer-dn "CN=Root CA, [email protected], OU=EBS, O=MCAFEE" --issuer-serial 2840D4A097CF3E1B4016 --output X509cert

E-Business Server copies the certificate that matches both the issuer's DN and the serial number specified to the file X509cert.pfx.

55 E-Business Server™ 8.6 Product Guide
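A pre-check for the retrieval procedure above, run on the file holding the pasted key block before it is passed to ebs --key-add. This is an added example, not part of the product guide or of E-Business Server: it does not call ebs, the function names are hypothetical, and the sample DER is constructed filler rather than a real certificate. It confirms the file holds exactly one intact PEM CERTIFICATE block and no private key material.

```python
import base64
import re

# One PEM block: BEGIN/END armor lines with a matching label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_length_ok(der):
    """True if der is a single DER SEQUENCE whose length field spans the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first == len(der)
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def check_pasted_block(text):
    """Return a list of problems found in the pasted file; empty means OK."""
    problems = []
    blocks = PEM_RE.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key block")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(
            "expected exactly one CERTIFICATE block, found %d" % len(certs))
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            problems.append("base64 body is damaged")
            continue
        if not der_length_ok(der):
            problems.append("decoded DER is truncated or has trailing bytes")
    return problems

def make_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor (used here only to build sample input)."""
    b64 = base64.encodebytes(der).decode().strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

# Constructed sample: a SEQUENCE header declaring 256 bytes, then zero filler.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(check_pasted_block(make_pem(SAMPLE_DER)) or "block looks intact")
```

The length check catches the usual copy-and-paste failure, a block cut short while keeping its armor lines, before the file reaches the key ring.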