Requesting an X509 Certificate

To obtain an X509 certificate, you must ask a CA to issue you one. You provide your public key, proof that you possess the corresponding private key, and some specific information about yourself. You then digitally sign the information and send the whole package - the certificate request - to the CA. The CA then performs some due diligence in verifying that the information you provided is correct and, if so, generates the certificate and returns it.

You might think of an X509 certificate as looking like a standard paper certificate with a public key taped to it. It has your name and some information about you on it, plus the signature of the person who issued it to you.

1. Click the 'Certificates' icon in the 'Advanced' screen of the Web-base Management. The 'Certificates' screen will appear (see figure 11.42).

   Figure 11.28: Certificate Management

   
2. Click the 'OpenRG's Local' certificates tab.
3. Click the 'Create Certificate Request' button. The 'Create X509 Request' screen will appear (see figure 11.29).

   Figure 11.29: Create X509 Request

   
4. Enter the following certification request parameters:
   • Certificate Name
   • Subject
   • Organization
   • State
   • Country
5. Click the 'Generate' button. A screen will appear stating that the certification request is being generated (see figure 11.30).

   Figure 11.30: Generating a Request

   
6. After a short while, press the 'Refresh' button, until the 'Save Certificate Request' screen appears (see figure 11.31).

   Figure 11.31: Save Certificate Request

   
7. Click the 'Save Certificate Request' button and save the request to a file.
8. Click the 'Close' button. The main certificate management screen will reappear, listing your certificate as ``Unsigned''. In this state, the request file may be opened at any time by pressing the 'save' icon under the 'Action' column and then 'Open' in the dialogue box (Windows only).

   Figure 11.32: Unsigned Certification Request

   
9. After receiving a reply from the CA in form of a '.pem' file, click the 'Load Certificate' link. The 'Load OpenRG's Local Certificate' screen will appear (see figure 11.43).

   Figure 11.33: Load Certificate

   
10. Use the Browse button to browse to the signed certificate '.pem' file. Leave the password entry empty and press "Load" to load the signed certificate. The certificate management screen will appear, displaying the certificate name and issuer (see figure 11.44).

    Figure 11.34: Loaded Certificate

    
11. You can click the 'save' icon under the 'Action' column, and then 'Open' in the dialogue box to view the 'Certificate' window (Windows only) (see figure 11.35). Alternatively, click 'Save' in the dialogue box to save the certificate to a file.

    Figure 11.35: Certificate Window

    
12. You can also click the 'edit' icon under the 'Action' column to view the 'Certificate Detail' screen (see figure 11.36).

    Figure 11.36: Certificate Detail