Eureka OL-8880-01 manual Generating a Client Certificate, Certificate Pending

Page 11

Chapter 2 Generating Certificates

Certificate Generation with Windows CA

Figure 2-6 Certificate Pending

Step 6 Click Home (near upper right corner of form) to return to the Certificate Services home page.

Generating a Client Certificate

The procedure to generate a client certificate is very similar to the procedure to generate a server certificate. The only significant differences are the value of the Name field and the Intended Purpose on the Advanced Certificate Request page.

Because this is a client certificate, the Name field should contain the user ID if the certificate is for an individual or the machine name if the certificate is for a computer. The value of the Intended Purpose field must be set to Client Authentication Certificate.

Figure 2-7shows an example of the Advanced Certificate Request form for requesting a client certificate.

WLSE Express AAA Server Certificate Configuration Guide

	OL-8880-01	2-11

Image 11

Contents Certificate Request Creation RSA Key GenerationCertificate Generation Openssl.cnf Configuration FileExample openssl.cnf File Export Opensslconf /opts/open/openssl.cnfCreating a Self-signed CA Root Certificate and RSA Key Required Certificate ExtensionsCreating Test Certificates and Keys Creating a CA DirectoryCreating a Client Certificate Request Converting a CA Certificate to PKCS#12Creating a Server Certificate Request and RSA Key Creating a Server Certificate from the RequestOpenssl x509 -in ./ca/certs/client-cert.pem -text Converting a Client Certificate and Private Key to PKCS#12Select Request a Certificate and click Next Generating a Server Certificate Selecting Certificate Request Type Select Advanced request and click NextKey Options section, select Mark keys as exportable Advanced Certificate Request Form Certificate Pending Generating a Client CertificateExample of Client Certificate Request Form Click Next to proceed Certificate RetrievalCheck Pending Certificate Requests 11 Certificate Issued Click Install this certificate to continueClick Certificates Exporting Server and Client CertificatesSelect Internet Options… 13 Certificates Dialog 15 Export Private Key After entering the file name, click Next to continue 19 Completing the Certificate Export Exporting CA Certificates21 Certificates to Export Openssl pkcs12 -in server.pfx -out server.pem Converting PKCS#12 to PEMEND Certificate OL-8880-01