3.4.1.2. Request certificate manually (with template)

Basic process:

  1. To obtain an official server certificate signed by the company's Certificate Authority (CA), a certificate request must first be created.

  2. The request is signed by the CA.

  3. The signed certificate is imported into the server's certificate store.

  4. All clients have to trust the CA.

The process is described in detail below:

  1. Call "certlm" on the server:

    1. Via Windows Start menu -> Manage computer certificates

    2. Via PARTadmin -> category Application Server -> AppServer Service -> tabbed page Port configuration -> SSL -> certlm.msc

    Manage computer certificates

    certlm.msc

  2. In certlm [Certificates - Local Computer], under Personal -> Certificates, choose All Tasks -> Advanced Operations -> Create Custom Request....

    Create Custom Request...

    -> The dialog Certificate Enrollment -> Before You Begin is opened.

  3. Click Next.

    Before You Begin

  4. Select the option Configured by your administrator (if available) and click Next.

    Select Certificate Enrollment Policy

    -> The dialog Certificate Enrollment -> Custom request is opened.

    Custom request

  5. Select the template Webserver or the one stipulated by your administration.

    Web Server

  6. Click Next.

    -> The dialog Certificate Enrollment -> Certificate Information is opened.

  7. Click on the button Properties.

    Certificate Information

    -> The dialog Certificate Properties is opened.

  8. On the tabbed page Subject, under Subject name -> Type, select the option Common name and, under Value, enter the following:

    server.domain

    Click Add >.

    Certificate Properties > Subject

    -> Now the value is displayed on the right side.

    Certificate Properties > Subject

  9. Under Alternative name, with Type "DNS", add all variants of the server hostname; click Add after each one.

    -> The values are displayed on the right side.

    Certificate Properties > Subject

  10. Go to the General tab and enter a Description for the certificate.

    Certificate Properties > General

  11. Go to the Extensions tab and make sure that the following key usages are selected:

    1. Key usage:

      • Digital signature

      • Key encipherment

    2. Extended Key Usage (application policies):

      • Server Authentication

    "Key usage" and "Extended Key Usage"

  12. Go to the tabbed page Private Key.

    Verify the properties under Cryptographic Service Provider.

    Key size should be at least 2048.

    Certificate Properties > Private Key

  13. Key type: Select the option Exchange.

    Certificate Properties > Private Key

  14. Key permissions:

    Enable the option Use custom permissions and then click on the button Set permissions.... Set the permissions so that the user that runs the appserver has access to the private key.

  15. Confirm with OK.

    -> Now the dialog Certificate Information is displayed again.

    Certificate

  16. Click Next.

    The dialog Where do you want to save the offline request? is displayed.

    Specify the File name of the certificate request to be generated and click Finish.

    Where do you want to save the offline request?

  17. Send the file servercert.req to the administration so that it can be signed by the company's CA.

    You will get back a signed certificate (a *.crt file).

  18. Import the certificate into the local store under Personal > Certificates (as Admin).

    To do this, either select the certificate, open the context menu and click on Install Certificate, or in certlm, under Personal > Certificates, use the context menu command All Tasks > Import....

    Install Certificate

    Import...

    After the import of the certificate, the dialog Certificate Information should show "You have a private key that corresponds to this certificate".

    Certificate Information

Then things will work automatically.
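
The following script is an added example, not part of the original manual: it checks the imported certificate in the local computer store against the settings from steps 8 to 18 (private key present, RSA key size, key usages, Server Authentication, DNS names, and a trust chain up to the CA). The values of $CommonName and $DnsNames are assumptions; replace them with the names used in your request.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example, not from the original manual. Run in an elevated PowerShell 5+ session.
$CommonName = 'server.domain'        # step 8 value (the manual's placeholder)
$DnsNames   = @('server.domain')     # constructed sample: every DNS name from step 9
$MinKeySize = 2048                   # minimum from step 12
$ServerAuth = '1.3.6.1.5.5.7.3.1'    # OID of the Server Authentication EKU

$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo([X509NameType]::SimpleName, $false) -eq $CommonName })
if ($certs.Count -eq 0) { throw "No certificate with CN=$CommonName in LocalMachine\My" }

foreach ($cert in $certs) {
    $findings = @()
    # Step 18: the imported certificate must be paired with the key created by the request.
    if (-not $cert.HasPrivateKey) { $findings += 'no matching private key in the store' }

    # Step 12: RSA key of at least 2048 bits (GetRSAPublicKey returns $null for non-RSA keys).
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)
    if (-not $rsa) {
        $findings += 'public key is not RSA'
    } elseif ($rsa.KeySize -lt $MinKeySize) {
        $findings += "key size $($rsa.KeySize) below $MinKeySize"
    }

    # Step 11: Digital signature, Key encipherment and Server Authentication.
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    foreach ($flag in 'DigitalSignature', 'KeyEncipherment') {
        if (-not $ku -or -not $ku.KeyUsages.HasFlag([X509KeyUsageFlags]$flag)) {
            $findings += "key usage $flag missing"
        }
    }
    $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if (-not $eku -or $eku.EnhancedKeyUsages.Value -notcontains $ServerAuth) {
        $findings += 'Server Authentication EKU missing'
    }

    # Step 9: DnsNameList is supplied by the PowerShell certificate provider.
    $present = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    foreach ($n in $DnsNames) { if ($present -notcontains $n) { $findings += "DNS name $n missing" } }

    # Basic process, step 4: the chain must end at a CA this machine trusts (revocation not checked here).
    $chain = [X509Chain]::new($true)   # $true = machine context
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    if (-not $chain.Build($cert)) {
        $findings += 'chain: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }

    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter
                       Result = if ($findings) { $findings -join '; ' } else { 'OK' } }
}
```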