External CA Certificate Issuer
Officer Login
Once the ‘Key Profile’ is created by the CA Administrator, login as ‘Officer’ to create Key Pairs and generate CSR.
Generate Key Pair
Click on "Generate Key Pair " to open the following dialog:
Enter the number of keys that you want to generate. In general, you will need 1 key for 1 CA and 1 more key, if that CA will receive an OCSP certificate.
Select the "Key Profile" you want to use from the first dropdown list.
Choose the "Algorithm" from the drop-down
Select the "Signature algorithm" from the third dropdown list. This will filter the element for the third dropdown list accordingly
Select the "Key Algorithm" and "Key Size" from the fourth dropdown list.
Press "Proceed" to continue and authenticate the action.
Click on "Generate Key Pair(s)" to generate the keys.
After the successful generation of the key pair, the success message as shown below.
Click on "View all" or "+ New" to continue with this new Key Pair creation.
Generate CSR
Click on Manage CA Certificate -> Enroll. The following screen will be displayed.
Click on Action icon
in ‘Action’ column as shown in the above Figure.
The following page will be displayed.
By default, ‘Certificate’ radio button will be selected. Please change the option to ‘CSR’.
The following options will be displayed.
Select the ‘Subject DN’ from the drop-down. The following options will be displayed.
Select ‘Subject DN’ - ‘Common Name’ from the drop-down.
Once the Common Name is selected under Subject DN, click on ‘+’ icon next to the ‘Common Name’ from the drop-down.
A new field will be displayed based on the selection made.
Enter the relevant details in the new field (‘Common Name’ in the current example) as viewed below.
Follow the same process to add individual Subject DN details and their relevant values.
Once the details are added, click on ‘Proceed’ button. The following ‘Verify and Confirm’ page will be displayed.
The following ‘Verify & Confirm’ page will be displayed.
Officer should enter the Username and Token pin and click on ‘Authenticate’.
On successful authentication, click on ‘Create’ button.
CSR will be successfully created as displayed below.
Clicking on “Download CSR” will download .csr in the system.
To view the CSR created, click on ‘View All’.
Once the CSR is signed by the Root Authority, login as ‘Officer’ to Import the Signed Certificate.
Import Issuer Certificate
To import ‘Issuer Certificate’, login as ‘Officer’ and click on Manage CA Certificate -> CA Certificates. The following page will be displayed.
Click on ‘Import Issuer Certificate’ on the top right corner of the page.
The following pop-up will be displayed.
Click on ‘Choose File’ and upload.
Once the file is uploaded, enter the username and Token Pin of the respective officer and click ‘Authenticate’.
On successful authentication, click on ‘Import X509’ to import the certificate.
The Certificate will be imported successfully and the following success message will be displayed.
Import CA Certificate
Click on Manage CA Certificate -> CA Certificates. The following page will be displayed.
To import CA Certificate signed by CCA, click on ‘Import 
’ icon available in the ‘Action’ column corresponding to the respective CA Certificate as shown in the above figure.
The following pop-up will be displayed.
Click on ‘Choose File’ and upload.
Once the file is uploaded, enter the username and Token Pin of the respective officer and click ‘Authenticate’.
On successful authentication, click on ‘Import X509’ to import the certificate.
The Certificate will be imported successfully, and the following success message will be displayed.
Last updated