Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article describes how to create Certificate Authority (CA) key pairs that can be used when creating CAs within Smart ID Certificate Manager (CM). This task is done in the Administrator's workbench (AWB) 

Expand/Collapse All


The following prerequisites apply:

  • Two administration officers must sign the request.
  • Both officers must have the following roles:
    • Use AWB
    • CA and Key tasks
  • A connection to the CM host must have been established. See Connect to a Certificate Manager host.

  • The following information is required by the administration officer during the task:

    • The key name that will appear in the Key Registry in the explorer bar

    • The type of key pair storage device to be used for the CA key

    • The key algorithm and key length to be used for the CA key

Step-by-step instruction

Clicking Save at any time during the definition of the CA key, before signing the task, will save the transaction and place the incomplete key request in the Not In Use folder of the Key Registry.

To complete the key definition at a later stage:

  • Highlight the key in the explorer bar
  • Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.

To create a key request:

  1. In AWB, select New > Key.
  2. In the Create Key Request dialog box, enter the Key name that should appear in the explorer bar of AWB. This field is mandatory.
  3. Set the key State to Active or Closed as required.
  4. Select Domain and check Visible in subdomain if applicable.
  5. In Type of key, select if a new key shall be created or if an existing key in the device shall be used.
  6. In Device, select the appropriate key storage device. The list includes only those devices that are available, plus a software option where the key pair is stored on disk.
    The Key algorithm corresponding to the selected device will be displayed.
  7. If creating a new key, select the required Length of the key. The list includes only the key lengths appropriate for the algorithm chosen.
  8. If using an existing key, select the Existing key ID of the key. The list includes only keys that are not already in use.
  9. Click OK. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.