Create key procedure in Certificate Manager
This article is valid for Certificate Manager 8.4 and later.
This article describes how to create a key procedure within Certificate Authority (CA) in Smart ID Certificate Manager (CM).
A key procedure defines the parameters to be used when issuing an end-user certificate or recovering an archived key. Besides the key, the corresponding certificate can also be recovered by using the reuse option. The certificate will then be identical with the original certificate. If the reuse option is not used, a new certificate will be created when it is recovered.
The key procedure can either be for archiving or recovering keys.
This task is done in the Administrator's workbench (AWB) in Certificate Manager.
Prerequisites
The following prerequisites apply:
Two administration officers must sign the request.
Both officers must have the following roles:
Use AWB
Policy tasks
A connection to the CM host must have been established (see Connect to a Certificate Manager host).
The following information is required by the administration officer during the task of creating a procedure for archiving keys:
The procedure name that will appear in the explorer bar
The key management to be used is archive
The key usage attributes required for the certificate
The key procedure format to be used
The following information is required by the administration officer during the task of creating a procedure for recovering keys:
The procedure name that will appear in the explorer bar
The key management to be used is recover
If the certificate should be reused or not, (that is, if the old certificate should be recovered or a new one issued with the recovered keys)
The key procedure format to be used
Create key procedure
Clicking Save at any time during the creation of the key procedure, before clicking OK, will save the data and place the incomplete procedure request in the Key Procedures sub-group.
To complete the creation of the CRL procedure at a later stage:
Highlight the procedure in the explorer bar.
Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.
To create a key procedure:
In AWB, select New > Key procedure.
In the Create Key Request dialog, enter the Procedure name that should appear in the Key Procedures sub-group in the explorer bar. This field is mandatory.
Set the procedure State to Active or Closed as required.
Select the Key management parameter.
If Archive is selected as key management, check the Key usage parameters.
If Recover is selected as key management, check Reuse if you want the original certificate to be recreated. If the certificate is not to be reused, a new certificate will be issued when the corresponding key is recovered.
Click the browse button at Format and select the format to be used with this key procedure.
Once a format has been selected, you can customize the set of format definition fields and modules.
At Format, click Advanced.
A pop-up window will appear containing all fields and modules from the selected format file.
The modules are shown in the top section with their indexes in the right column (the indexes determine the execution order of the modules).
The format definition fields are shown in the bottom section with the values of the parameters in the right column. You can edit the values for the definition fields parameters and store them for this particular procedure.
Here is an example with the certificate format rfc5280.
To add new format definition fields or modules click Add Parameter or Add Module. For added fields and modules (that are not present in the format file) you can edit values in the left column and also remove the row with Remove Parameter or Remove Module.
The new values will take precedence over the values in the format file, but the format file will not be affected by these changes.
Enter a Label to describe the object. (Refer to CKA_LABEL in the PKCS #11 specification for more info.)
Click OK and sign the task. See Sign tasks in Certificate Manager for more information.