Generating Certificate Requests

Connectivity Secure Shell

Generating Certificate Requests

If you do not want to use a self-signed certificate, you can request a certificate from a certificate authority (CA). A certificate request contains personal information describing the individual requesting the certificate. This certificate request is sent to the appropriate certificate authority or security administrator who, in turn, sends you a signed certificate.

To generate a certificate request:

  1. Open the Certificate Creation Wizard by clicking User Certificates in the left pane of the console, and then clicking the Create New Certificate button at the bottom of the certificate pane.
  2. On the Wizard Type drop-down list, select Create A Certificate Request.
  3. Click Next on the welcome screen. The Certificate Information screen opens.
  4. Provide the required information and click Next.
  5. Do one of the following:
    • If you have already created a keypair, select it from the User Keys list, and type the passphrase for the selected key. You can use the buttons below the User Keys list to view key details and change the passphrase.
    • If you have not created a keypair, click the Create New Key button and use the Key Generation Wizard to create a keypair. For more information, see Generating Private/Public Keypairs.
  6. Click Next. The wizard generates the certificate request. The public key part of the private/public key combination you specified is stored into the certificate.
  7. Click Finish.
  8. The certificate is listed in the certificate pane, and the request is now saved in the my.hcs file located in the certs directory where the user files are stored on your machine. Use the Export button to export the certificate to .pem format.
  9. Manually forward the .pem exported request to the appropriate CA (for example, a commercial CA such as a Verisign or your organization's private CA) or to your security administrator. You can send the certificate request through e-mail.

When you receive the signed certificate (for example, the user certificate or a new root certificate), you must update the certificate request with the certificate you received. To do so, double-clicking your original certificate request in the right pane of the console. In the Certificate Information dialog box, click Update. In the Open dialog box, select the file where you saved the response from the CA and click Open.