This article describes how to issue a certificate when the public key and user data to be stored in the certificate, are available in a request file that complies with the PKCS #10 format. This task is done in the Registration Authority (RA) in Certificate Manager.
This task requires that:
- The Registration Authority is running.
- The issuing procedure to be used is known.
- The officer has the following role:
- Issue certificate
- Issue certificate
- A request file containing data complying with the PKCS #10 format is available.
- A smart card reader is available.
It is possible to use a virtual registration officer certificate, that is, a software token, instead of a smart card to authenticate the officer, but for security reasons, this is not recommended.
- The file name and the media of the issued certificate are optional.
In the RA user interface in Certificate Manager, select the Certificate tab.
Specify paths and file names for the request file and for the media:
Click the button next to Request File and browse to the file containing the certificate request. A format control of the selected file is automatically performed.
Click the button next to File for Media and specify a path and file name for the certificate to be stored. You need write access to the location where the certificate is to be stored.
Select a procedure for the new certificate to be issued.
To see existing procedures, you may have to modify your procedure filters.
Enter data in the input fields. If required, you may change what fields that should be visible. See Select fields in Registration Authority in Certificate Manager.
Fields that are not shown will not be included in the certificate. Use the option Auto add data fields to guarantee that all fields are being sent to the CM host.
As long as the Officer PIN text box is not available, the reason for this will be displayed in the status bar and you should take necessary actions.
Enter your PIN code in Signature PIN.
- Click Submit to send the request to the CM host.