Issue server certificate in PKCS#12 format
In the Nexus Smart ID module Digital ID, a server certificate can be issued via a PKCS#12-formatted software token, with or without approval step. A PKCS#12 software token contains a key pair and the corresponding certificate.
Standard workflow
Actor | Action | Option | |
---|---|---|---|
1 | Server certificate registration officer | In Identity Manager, selects a server and clicks Request P12 certificate. If needed, edits the certificate data. | - |
2 | Identity Manager | Checks if there are already installed certificates on the server. If there are, the old certificates can optionally be locked. | - |
3 | Server certificate registration officer | If existing server certificates were found, selects to lock them or not. | - |
4 | Server certificate approver | Approves the certificate request. | No approval step. |
5 | Identity Manager | Requests a PKCS#12 software token and generates a password. | - |
6 | CA | Issues a PKCS#12 token. | - |
7 | Identity Manager | Stores the certificate details and distributes the PKCS#12 token by email or for download, depending on the server configuration in Identity Manager. Displays the password. | - |
8 | Downloads the PKCS#12 token from Identity Manager or receives it in an email. Installs the certificate on the server. Notes the displayed password. Confirms in Identity Manager that the certificate installation was successful. | - | |
9 | Server responsibles | Gets an email notification. | - |
Technical reference
Option | Process |
---|---|
Request P12 certificate with approval | ScmProcIssueServerCertP12 (see image) |
Request P12 certificate without approval | ScmProcIssueServerCertP12WithoutApproval |