How to create a complete infrastructure

To create a complete infrastructure, follow these steps:

  1. Create a new private/public key pair.
  2. Generate a PKCS10 request for the X.509 Certificate to be provided by your Certification Authority. Go to Setup → Key Store → Certificates → Request and configure the following parameters:

     Parameter        Value
     SELECT KEY (*)   CustomName
     SUBJECT          CN=TestUser,OU=Test,O=SampleOrg
     ALGORITHM (*)    SHA256WithRSA

  3. Press the Save button. You will be prompted to save the generated PKCS10 certificate request to your hard drive in PEM format.
  4. Send the saved file to the Certification Authority to be signed.
  5. Once your Certification Authority has signed your certificate request, import the X.509 Certificate into the key store and associate it with the related private key by going to Setup → Key Store → Certificates → Import.
  6. Select Import Certificate and upload the X.509 Certificate file (either in DER or PEM format). The private key associated with the X.509 Certificate will be imported as well.
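
The saved request can be checked before it goes to the Certification Authority, and the returned certificate can be checked against it before the import. The following is an added example using the OpenSSL command line, not part of the product or its documentation; the file names and the throwaway key, request and certificates created by `make_samples` are constructed stand-ins for the files the product saves and the CA returns.

```shell
#!/bin/sh
# Added example: checks around the request and import steps, using the
# OpenSSL CLI. All file names are assumptions, not names the product uses.

# Subject of a PEM PKCS#10 request in RFC 2253 form (CN first).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# True if the request's self-signature verifies and it is signed with
# SHA256WithRSA, the ALGORITHM value chosen in the Request form.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' &&
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -q 'Signature Algorithm: sha256WithRSAEncryption'
}

# Public key of a certificate file in PEM or DER format.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# True only if the certificate returned by the CA carries the public key
# that was in the request, i.e. it belongs to the private key in the store.
cert_matches_csr() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(cert_pubkey "$2") || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Constructed sample input: a throwaway key and request, a self-signed
# certificate standing in for the CA's reply (PEM and DER), and an
# unrelated certificate. Nothing here comes from the product.
make_samples() {
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj '/O=SampleOrg/OU=Test/CN=TestUser' \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/req.pem" -signkey "$d/key.pem" -days 1 \
        -out "$d/cert.pem" 2>/dev/null &&
    openssl x509 -in "$d/cert.pem" -outform DER -out "$d/cert.der" &&
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Other' -days 1 \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}
```

A certificate that fails `cert_matches_csr` was issued for a different key pair and should go back to the CA rather than into the key store.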

How to import an existing private key

To import an existing private key in PKCS8 format, go to Setup → Key Store → Keys → Import and select Import Key.

Existing private keys in PKCS12 format - containing other objects - must be imported via command line with the tokedit.sh utility, option import-p12:

    import-p12      Import all the content of a PKCS#12 file
      Usage: import-p12 [options]
        Options:
        * --in, -i
            The path of the P12 input file
        * --pwd, -p
            The password to access the p12 file.
          --cryptosystem, -c
            The cryptosystem whose command is referred to
          --name, -n
            The name of the token whose command is referred to

How to export an object

To export a key store object - either a private key or an X.509 Certificate - press the Export button on the desired object. Depending on the selected object type, different export formats are available:

  • Private Keys export formats:

    o PKCS8
    o OpenSSL Private/Public Key
    o OpenSSH Private/Public Key

  • X.509 Certificate export formats:

    o PEM/text
    o DER/binary