This section describes all the things which you can do with a displayed certificate.
You can find a certificate in two ways. The first method is search. Go to --> . You can enter some parameters in the displayed search form. The form only accepts wildcards if you use an SQL database. If the search succeeds then you can choose the certificate which will be displayed.
The second method is a little bit more “stupid”. Go to --> and try to find the appropriate certificate in the lists. You can navigate by using the links in the line Extra References.
You can directly download a certificate into your browser by entering an appropriate serial number. You must know the serial number of the certificate, of the request or your ID in the batch processors. The browser will be automatically detected by the software. Please remember that this method only works if you generated the private key with the browser and the private key is still in the keystore on your computer.
There are three different ways to download a certificate. You can download passive data, or you can download the private key and the certificate or you can install the certificate of another user. If you already have the private key and you want to install a new certificate in your browser then please use the direct download, because this is the only software part which sends special HTML-pages for direct certificate installation.
If you only need a certificate in a special format then you can choose the format and click on . The certificate will be sent with an appropriate MIME type which prevents browsers from installing it. You can save the certificate on a disk and you can do what you (or the policy) want to do with it.
If you want to download a certificate and the private key there are two possibilities. If the operation is allowed on your interface and the configuration switch REQUIRE_PASSWD_PUBLIC is set to NO then you can click on download. If you need the key in a format different from PKCS#8 then you must enter the passphrase to convert the private key. After this you will receive the key and certificate and you can save them.
If the operation is allowed on your interface and the configuration switch REQUIRE_PASSWD_PUBLIC is set to YES then you must go to your RA Operator and ask them to set a passphrase. We do this to avoid denial of service attacks against the private key of a user. It is strongly recommended to delete the passphrase after a short period of time and to generate the passphrases with things like openssl rand. User or admin “generated” passphrases are often not really secure. If the admin sets the passphrase for this certificate via the RA interface then you can go again to your interface and download the certificate and private key. You have to enter the passphrase for the private key first and then the software will ask you for a second passphrase to grant you access to the export command. If you downloaded the key then please inform the RA Operator and ask him to remove the passphrase to avoid denial of service attacks against your private key.
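The two points above, generating the passphrase with openssl rand and needing it to convert the key out of PKCS#8, shown with the OpenSSL command line as an added example (not part of the original text or of the software it describes). The file names, the 24-byte passphrase length and the throwaway RSA key are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. All file names are assumptions and the key is a throwaway
# constructed for the demonstration.

# 24 bytes from OpenSSL's CSPRNG, base64-encoded: a 32-character passphrase.
gen_passphrase() {
    openssl rand -base64 24
}

# Create an encrypted PKCS#8 key, then convert it to the traditional RSA
# format. Prints "ok" if the correct passphrase converts the key and a wrong
# passphrase is rejected.
convert_demo() {
    dir=$(mktemp -d) || return 1
    (
        umask 077                      # key material readable by owner only
        cd "$dir" || exit 1
        gen_passphrase > pass.txt
        printf 'not-the-passphrase\n' > wrong.txt

        # Encrypted PKCS#8 key ("BEGIN ENCRYPTED PRIVATE KEY").
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -aes-256-cbc -pass file:pass.txt -out key.p8 2>/dev/null || exit 1
        grep -q 'BEGIN ENCRYPTED PRIVATE KEY' key.p8 || exit 1

        # Without the right passphrase the key cannot be read at all.
        if openssl pkey -in key.p8 -passin file:wrong.txt -noout 2>/dev/null
        then exit 1; fi

        # With it, the key converts to a non-PKCS#8 (traditional RSA) format.
        openssl pkey -in key.p8 -passin file:pass.txt -traditional \
            -out key-traditional.pem 2>/dev/null || exit 1
        grep -q 'BEGIN RSA PRIVATE KEY' key-traditional.pem || exit 1
        echo ok
    ) && rc=0 || rc=$?
    rm -rf "$dir"                      # remove passphrase and key copies
    return "$rc"
}

# Run the demonstration with: convert_demo
```

The converted key in key-traditional.pem is unencrypted, which is why the function works in a private temporary directory and deletes it afterwards.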
Sometimes you need a certificate of another user who has never sent you a signed mail. If you have a normal installation with LDAP support then you can search the certificate in the directory. There are installations where this service is not available. In this case you can go to the certificate page and if the appropriate functionality (INSTALL_CERT) is activated in the configuration then you can click on install, and the certificate will be automatically installed in your certificate store. After this you can use it to encrypt emails.