Skip to main content
Skip table of contents

SA key tasks in Certificate Manager

This article is added for CM 8.10. 

This article describes how to create, modify, and delete Signing Authority (SA) key pairs that can be used when creating SAs within Smart ID Certificate Manager (CM). The SA key tasks are done in the Administrator's workbench (AWB).

Create SA key

Prerequisites

The SA key tasks require a specific license option.

The following task requires MSO signatures to be completed.

Both officers must have the following roles:

  • Use AWB

  • Signing Authority and SA Key tasks

Step-by-step instruction

Clicking Save at any time during the definition of the CA/SA key, before signing the task, will save the transaction and place the incomplete key request in the Not In Use folder of the Key Registry.

To complete the key definition at a later stage:

  • Highlight the key in the explorer bar

  • Select Modify from the Edit menu, the toolbar, or the right-click shortcut menu.

To create a key request:

  1. In AWB, select New > Key.

  2. In the Create Key Request dialog box, enter the Key name that should appear in the explorer bar of AWB. This field is mandatory.

  3. Set the key State to Active or Closed as required.

  4. Select Domain and check Visible in subdomain if applicable.

  5. Select the Authority type CA/SA.

  6. In Type of key, select if a new key shall be created or if an existing key in the device shall be used.

  7. In Device, select the appropriate key storage device. The list includes only those devices that are available, plus a software option where the key pair is stored on disk.
    The Key algorithm and the Key operations corresponding to the selected device will be displayed.

  8. If creating a new key, select the required Length of the key. The list includes only the key lengths appropriate for the algorithm chosen.

  9. If using an existing key, select the Existing key ID of the key. The list includes only keys that are not already in use.

  10. Click OK. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.

Modify SA key

  1. In AWB, select the CA/SA key to be modified by highlighting it.

  2. Select the Modify command from the Edit menu, toolbar or shortcut menu.

  3. In the Modify dialog you can:

    1. Change the name that appears in the explorer bar of the AWB window

    2. Change State to Active or Closed as required

    3. Change Domain and Visible in subdomain.

    4. Change Authority type if the authority object is not yet already in use by an authority.

  4. When the required changes are complete, click OK and sign the request. See Sign tasks in Certificate Manager for more information.

Remove SA key

  1. In AWB, select the CA/SA key to be deleted by highlighting it.

  2. Select Tools > Remove key. The Signature dialog box appears. See Sign tasks in Certificate Manager for more information.

Only Not In Use or Retired keys can be removed. For a Retired key the CA/SA must be revoked.

Additional information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.