Create a Company Certificate

During the installation of the empower® Backend, you need a certificate.

Here, you have the option to use a company certificate. This certificate needs to be created in advance.

Note

For further information regarding the SSL certificate types, see SSL Certificates.

For further information regarding the installation of the empower® Backend, see Install the empower® Backend (Version >= 9.7).

Apply for PKI Certificates

The process of applying for and issuing Public Key Infrastructure (PKI) certificates is not dependent on any particular technology. It follows this pattern:

  1. A public and private key will be generated to represent the identity.

  2. A Certificate Signing Request (CSR) is generated by using the public key and some information about the identity.

  3. The certificate authority uses information from the CSR, your own public key, authorization information, and a signature generated by your own private key to create a certificate.

The details of these steps vary between implementations. Please focus on the issuing.

You do not need any further details. There is a specific process for issuing a certificate.

Every certificate authority has a process that determines whether you will be issued with a certificate or not.

Generate a Certificate Signing Request Using MMC

The MMC registration offers a high level of flexibility. You can request certificates for yourself, your own computer, or another entity.

You can request certificates using MMC with all Windows versions and Windows servers. The only requirement is a graphical user interface.

To do so, follow these steps:

  1. Start the Microsoft Management Console (MMC) by searching for MMC in the Windows search.

  2. Open the tab File.

  3. Choose the option Add/Remove Snap-in… (Figure 1, “Option Add/Remove Snap-in…”).

Figure 1. Option Add/Remove Snap-in…

  1. Choose the option Certificates (Figure 2, “Add Certificate” (1)).

  2. Confirm your choice by clicking on the button Add (Figure 2, “Add Certificate” (2)).

Figure 2. Add Certificate

  1. Select the option Computer account (Figure 3, “Option Computer account”).

    Alternatively, you can choose one of the other options.

    If you choose the option Service account or Computer account, the dialog box switches to the computer selection.

    If you choose a computer other than your local computer, the console shows that computer's certificate store and saves all changes there.

Figure 3. Option Computer account

  1. In the next step, choose the option Local computer (Figure 4, “Option Local computer” (1)).

  2. Confirm your choice by clicking on the button Finish (Figure 4, “Option Local computer” (2)).

Figure 4. Option Local computer

  1. Double-click on Certificates (local computer) to expand the view (Figure 5, “Create Custom Request” (1)).

  2. Right-click on the folder Personal (Figure 5, “Create Custom Request” (2)).

  3. Choose the option All Tasks (Figure 5, “Create Custom Request” (3)).

  4. Then choose the option Advanced Operations (Figure 5, “Create Custom Request” (4)).

  5. Then, choose the option Create Custom Request (Figure 5, “Create Custom Request” (5)).

    A dialog box opens.

Figure 5. Create Custom Request

Figure 6. Certificate Enrollment Start Screen

  1. Choose the option Proceed without enrollment policy (Figure 7, “Enrollment Policy” (1)).

  2. Click on the button Next (Figure 7, “Enrollment Policy” (2)).

Figure 7. Enrollment Policy

  1. Select the option (No template) Legacy key for the template and the option PKCS#10 for the requested format (Figure 8, “Options for Custom Request” (1)).

  2. Confirm the selections by clicking on the button Next (Figure 8, “Options for Custom Request” (2)).

Figure 8. Options for Custom Request

  1. Expand the view by clicking on the button Details (Figure 9, “Certificate Information” (1)).

  2. Then, click on the button Properties (Figure 9, “Certificate Information” (2)).

Figure 9. Certificate Information

  1. Under General, choose a name and a description (Figure 10, “General Properties”).

Figure 10. General Properties

  1. Navigate to the tab Subject.

    1. Under Subject name, choose the option Common name for Type (Figure 11, “Subject Properties” (1)).

    2. For Value, enter your domain (Figure 11, “Subject Properties” (2)).

    3. Click on the button Add (Figure 11, “Subject Properties” (3)).

    4. Repeat this process under Alternative name with the same input.

Figure 11. Subject Properties

  1. Navigate to the tab Private Key.

  2. Expand the section Cryptographic Service Provider (Figure 12, “Cryptographic Service Provider”).

  3. Make sure the only option selected is Microsoft RSA SChannel Cryptographic Provider (Encryption) (Figure 12, “Cryptographic Service Provider”).

Figure 12. Cryptographic Service Provider

  1. Expand the section Key options.

  2. For Key size, choose the option 4096 (Figure 13, “Key Options”).

  3. Make sure the checkbox for Make private key exportable is ticked (Figure 13, “Key Options”).

Figure 13. Key Options

  1. Expand the section Key type.

  2. Choose the option Exchange (Figure 14, “Key Type”).

  3. Click on the button Apply.

  4. Then, click on the button OK.

    The dialog box closes.

  5. Click on the button Next.

Figure 14. Key Type

  1. Enter a name for the file and choose a storage location (Figure 15, “Save Request” (1)).

  2. Under File format, choose the option Base 64 (Figure 15, “Save Request” (2)).

  3. Click on the button Finish.

Figure 15. Save Request
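
The same request can be produced without the GUI by using certreq, which is useful for repeatable setups and for checking the request before it goes to the certificate authority. This is an added example, not part of the empower® documentation; the domain and working folder are placeholders, and it assumes an elevated PowerShell session because the key is created in the local computer store.

```powershell
# Added example: certreq equivalent of the MMC custom request described above.
# Assumptions: $Domain and $WorkDir are placeholders chosen for illustration.
$Domain  = 'backend.example.com'
$WorkDir = Join-Path $env:TEMP 'company-csr'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Each INF key mirrors one setting chosen in the MMC dialog.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Domain"                ; Subject tab: Common name
FriendlyName = "Company certificate for $Domain"
RequestType = PKCS10                  ; request format PKCS#10
MachineKeySet = TRUE                  ; Computer account / Local computer
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12                     ; PROV_RSA_SCHANNEL
KeySpec = 1                           ; key type Exchange (AT_KEYEXCHANGE)
KeyLength = 4096                      ; key size 4096
Exportable = TRUE                     ; Make private key exportable

[Extensions]
2.5.29.17 = "{text}"                  ; Subject tab: Alternative name
_continue_ = "dns=$Domain&"
"@

$infPath = Join-Path $WorkDir 'request.inf'
$csrPath = Join-Path $WorkDir 'request.csr'
Set-Content -Path $infPath -Value $inf -Encoding ASCII
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue

# Creates the key pair in the machine store and writes a Base64 PKCS#10 request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review subject, alternative name and key length before sending the request to the CA.
certutil.exe -dump $csrPath |
    Select-String -Pattern 'Subject:', 'DNS Name', 'Public Key Length'
```

The private key never leaves the machine at this stage; only `request.csr` is sent to the certificate authority.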

Export Certificate to PFX with Private Key

For the import to the backend, a .pfx file is required.

To create a .pfx file which includes the certificate as well as the private key, follow these steps:

  1. Open the folder Certificate Enrollment Requests (Figure 16, “Folder Certificate Enrollment Requests”).

Figure 16. Folder Certificate Enrollment Requests

  1. Navigate to the subfolder Certificates (Figure 17, “Subfolder Certificates”).

Figure 17. Subfolder Certificates

  1. Right-click on the required certificate (Figure 18, “Required Certificate”).

    A context menu opens.

Figure 18. Required Certificate

  1. Choose the option All Tasks (Figure 19, “Option Export” (1)).

  2. Then, choose the option Export (Figure 19, “Option Export” (2)).

    The Certificate Export Wizard opens.

Figure 19. Option Export

  1. Click on the button Next (Figure 20, “Certificate Export Wizard”).

Figure 20. Certificate Export Wizard

  1. Choose the option Yes, export the private key (Figure 21, “Export Private Key”).

  2. Click on the button Next.

Figure 21. Export Private Key

  1. Configure the format for the export file (Figure 22, “Configure Format”).

    To do so, enable the following options:

    Include all certificates in the certification path if possible

    Export all extended properties

    Enable certificate privacy

  2. If the key should remain on the system, disable the option Delete private key after successful upload.

  3. Click on the button Next.

Figure 22. Configure Format

  1. Enter a password to protect the private key (Figure 23, “Export Security” (1)).

  2. Confirm the password.

  3. Choose your encryption method (Figure 23, “Export Security” (2)).

    It is recommended to choose the option AES256-SHA256.

  4. Click on the button Next.

Figure 23. Export Security

  1. Select the storage location for the .pfx file (Figure 24, “Save .pfx File”).

  2. Enter a file name.

  3. Click on the button Next.

Figure 24. Save .pfx File

  1. To finish the export, click on the button Finish (Figure 25, “Finish Export”).

Figure 25. Finish Export

After finishing the export, you can find the .pfx file under the specified storage location.

This file can now be imported to the empower® Backend using the empower® Backend Installer.
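
Before handing the file to the installer, it is worth confirming that the export really contains the private key, the 4096-bit key and the alternative name configured earlier. The following check is an added example, not part of the empower® documentation; `Test-ExportedPfx` is a hypothetical helper name and the path in the usage line is a placeholder.

```powershell
# Added example: inspect an exported .pfx without importing it into a certificate store.
function Test-ExportedPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [int] $ExpectedKeySize = 4096
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Get-PfxData lists every certificate in the file (end entity and chain).
    $pfx = Get-PfxData -FilePath $fullPath -Password $Password

    # X509Certificate2 loads the certificate together with its key, so HasPrivateKey can be checked.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $fullPath, $Password,
        [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $result = [pscustomobject]@{
            Subject           = $cert.Subject
            SubjectAltName    = if ($san) { $san.Format($false) } else { $null }
            HasPrivateKey     = $cert.HasPrivateKey
            KeySize           = if ($rsa) { $rsa.KeySize } else { $null }
            ChainCertificates = @($pfx.OtherCertificates).Count
            NotAfter          = $cert.NotAfter
        }
    }
    finally { $cert.Dispose() }   # releases the temporarily loaded key

    # Collect everything that would make the file unsuitable for the import.
    $problems = @()
    if (-not $result.HasPrivateKey)            { $problems += 'private key missing' }
    if ($result.KeySize -lt $ExpectedKeySize)  { $problems += "key size below $ExpectedKeySize" }
    if (-not $result.SubjectAltName)           { $problems += 'no alternative name' }
    if ($result.NotAfter -lt (Get-Date))       { $problems += 'certificate expired' }

    $result | Add-Member -NotePropertyName Problems -NotePropertyValue $problems -PassThru
}

# Usage (placeholder path); the password is read interactively and never stored in the script:
# Test-ExportedPfx -Path 'C:\Temp\company-cert.pfx' -Password (Read-Host 'PFX password' -AsSecureString)
```

An empty `Problems` list means the file carries the key and settings this guide configures; `ChainCertificates` shows how many certificates from the certification path were included.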

Note

For further information regarding the installation of the empower® Backend, see Install the empower® Backend (Version >= 9.7).
