Create CA key in Certificate Manager
This article includes updates for CM 8.10.
This article describes how to create Certificate Authority (CA) key pairs that can be used when creating CAs within Smart ID Certificate Manager (CM). This task is done in the Administrator's workbench (AWB).
Prerequisites
The following prerequisites apply:
Two administration officers must sign the request.
Both officers must have the following roles:
Use AWB
CA and Key tasks
A connection to the CM host must have been established. See Connect to a Certificate Manager host.
The following information is required by the administration officer during the task:
The key name that will appear in the Key Registry in the explorer bar
The type of key pair storage device to be used for the CA key
The key algorithm and key length to be used for the CA key
Create CA key
Clicking Save at any time during the definition of the CA/SA key, before signing the task, will save the transaction and place the incomplete key request in the Not In Use folder of the Key Registry.
To complete the key definition at a later stage:
Highlight the key in the explorer bar
Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.
To create a key request:
In AWB, select New > Key.
In the Create Key Request dialog box, enter the Key name that should appear in the explorer bar of AWB. This field is mandatory.
Set the key State to Active or Closed as required.
Select Domain and check Visible in subdomain if applicable.
Select the Authority type CA/SA.
In Type of key, select if a new key shall be created or if an existing key in the device shall be used.
In Device, select the appropriate key storage device. The list includes only those devices that are available, plus a software option where the key pair is stored on disk.
The Key algorithm and the Key operations corresponding to the selected device will be displayed.If creating a new key, select the required Length of the key. The list includes only the key lengths appropriate for the algorithm chosen.
If using an existing key, select the Existing key ID of the key. The list includes only keys that are not already in use.
Click OK. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.