Issue server certificate in PKCS#12 format
In the Nexus Smart ID module Digital ID, a server certificate can be issued via a PKCS#12-formatted software token, with or without approval step. A PKCS#12 software token contains a key pair and the corresponding certificate.
Standard workflow
| Actor | Action | Option | |
|---|---|---|---|
| 1 | Server certificate registration officer | In Identity Manager, selects a server and clicks Request P12 certificate. If needed, edits the certificate data. | - |
| 2 | Identity Manager | Checks if there are already installed certificates on the server. If there are, the old certificates can optionally be locked. | - |
| 3 | Server certificate registration officer | If existing server certificates were found, selects to lock them or not. | - |
| 4 | Server certificate approver | Approves the certificate request. | No approval step. |
| 5 | Identity Manager | Requests a PKCS#12 software token and generates a password. | - |
| 6 | CA | Issues a PKCS#12 token. | - |
| 7 | Identity Manager | Stores the certificate details and distributes the PKCS#12 token by email or for download, depending on the server configuration in Identity Manager. Displays the password. | - |
| 8 | Downloads the PKCS#12 token from Identity Manager or receives it in an email. Installs the certificate on the server. Notes the displayed password. Confirms in Identity Manager that the certificate installation was successful. | - | |
| 9 | Server responsibles | Gets an email notification. | - |
Technical reference
| Option | Process |
|---|---|
| Request P12 certificate with approval | ScmProcIssueServerCertP12 (see image) |
| Request P12 certificate without approval | ScmProcIssueServerCertP12WithoutApproval |