Creating or Importing Certificates (9.5)

Certificate Management

You can create your own certificates (self-signed, or to be signed by a Certificate Authority), or you can import existing certificates or keystores into the IDHub keystore.

Generate Key Certificate

Field: Description
Alias: The name by which the certificate is referenced.
Algorithm: Defines what kind of Key Pair algorithm is used.
Validity: How long the certificate will be valid (in months).
Subject: The subject definition of the certificate. Contains information such as:
  • Common Name
  • Organization Name
  • Locality
  • Country
Extension Parameters: The Key Usage extensions define what a particular certificate may be used for, as described in

Certificate Signing Request

Once a certificate is created, it is considered self-signed. To get a signed certificate, export the Certificate Signing Request (CSR) and submit it to your Certificate Authority (CA). Once the certificate is returned, signed by the CA, it can be imported, and this import will replace the self-signed certificate.

The advantage of this method is that the private key is never exposed, because it is not included in the CSR that is submitted to the CA.

Importing a Certificate

Any standard type of certificate can be imported, as long as it is a single certificate. To import multiple certificates, use the "Import Keystore" function.

If an imported certificate contains a private key, it is strongly recommended to encrypt the certificate using a password.

Field: Description
Alias: The name by which the certificate is referenced.
Contains Private Key: Whether or not the certificate contains a private key.
Password: The key with which the certificate's private key is encrypted.

Import Keystore

This function allows you to import a keystore (PKCS12 file); however, it is not possible to import a Java keystore (JKS). A keystore contains one or more certificates, which are protected (encrypted) with a password.
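
A pre-import check for the rules in "Importing a Certificate" and "Import Keystore" above, as an added example that is not part of IDHub or of the original article. It reports whether a file holds a single certificate or several, whether it carries a private key that is not password-encrypted, and whether it is a Java keystore that cannot be imported. The function name, result fields and sample inputs are constructed for illustration.

```python
import re

# One PEM block: label, then body (legacy keys carry headers such as Proc-Type).
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
JKS_MAGIC = b"\xfe\xed\xfe\xed"    # Java keystore (JKS) file signature
JCEKS_MAGIC = b"\xce\xce\xce\xce"  # JCEKS file signature

def classify(data: bytes) -> dict:
    """Report what a file holds and which import function the page points to."""
    if data[:4] in (JKS_MAGIC, JCEKS_MAGIC):
        return {"kind": "jks", "action": "convert to PKCS12, then Import Keystore"}
    blocks = PEM_RE.findall(data)
    if not blocks:
        # PKCS12 files and DER certificates both start with an ASN.1 SEQUENCE
        # tag (0x30); separating them needs a real ASN.1 parser.
        kind = "der" if data[:1] == b"\x30" else "unknown"
        return {"kind": kind, "action": "identify with a certificate tool first"}
    certs = sum(1 for label, _ in blocks if label == b"CERTIFICATE")
    keys = [(l, b) for l, b in blocks if l.endswith(b"PRIVATE KEY")]
    # PKCS#8 marks encryption in the label, legacy PEM keys in a header line.
    plain = [label for label, body in keys
             if label != b"ENCRYPTED PRIVATE KEY"
             and b"Proc-Type: 4,ENCRYPTED" not in body]
    action = ("Import Keystore (PKCS12)" if certs > 1 else
              "Import Certificate" if certs == 1 else "no certificate found")
    return {"kind": "pem", "certificates": certs,
            "contains_private_key": bool(keys),
            "unencrypted_private_key": bool(plain), "action": action}

def _pem(label: str, body: str = "Q09OU1RSVUNURUQ=") -> bytes:
    """Build a constructed PEM block; the body is placeholder base64, not a key."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

# Constructed sample inputs (no real certificates or keys).
SAMPLES = {
    "single": _pem("CERTIFICATE"),
    "chain": _pem("CERTIFICATE") * 2,
    "plain_key": _pem("CERTIFICATE") + _pem("PRIVATE KEY"),
    "pkcs8_enc": _pem("CERTIFICATE") + _pem("ENCRYPTED PRIVATE KEY"),
    "legacy_enc": _pem("CERTIFICATE") + _pem(
        "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nQ09OU1RSVUNURUQ="),
    "jks": JKS_MAGIC + b"\x00\x00\x00\x02",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```

A result with unencrypted_private_key set to True is the case the page recommends against: encrypt the key with a password before importing.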
