Issuing a certificate in a PKCS #12

See below for the certificate authority to generate a PKCS #12 file containing:

• A key pair generated by Entrust PKIaaS.
• The issued certificate.
• The CA certificate chain of the issued certificate.

To issue a PKCS #12:

1. Generate a key pair and a CSR on your local machine using your preferred tools.

2. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:

   • Owners
   • Certificate Administrators

3. Click Certificate Authorities in the sidebar.

   

4. In the Certificate Authorities tab, click the name of the certificate authority that will issue the certificates.

   

   ---

   ⚠ Root certificate authorities are not granted profiles to issue PKCS #12 files.

   ---

5. Click the plus + icon to the right of the Issued Certificates tab.

6. Select Server-Side Generated Key Certificate (PKCS #12) in the Certificate type list.

   

7. Complete the following values.

   • Certificate profile
   • PKCS #12 Password
   • Subject
   • Subject Alternative Names

8. Click Issue.

9. Check the certificate details and click Download your PKCS #12 to download the issued PKCS #12 file.

   ---

   ⚠ Entrust PKIaaS does not store the generated key pair in any way. Therefore, you won’t be able to download the PKCS #12 file after leaving this page.

   ---

Certificate profile

Select one of the Subscriber certificate profiles for the certificate authority to issue this certificate.

ℹ The list only includes the certificate profiles selected when Creating an issuing subordinate CA.

PKCS #12 Password

Type and confirm a password to protect the contents of the PKCS #12 file.

Subject

Write the Distinguished Name (DN) of the certificate Subject in RFC 5280 syntax.

Subject Alternative Names

Add optional Subject Alternative Names (SANs) for the certificate subject. Typically, SANs extend the domain names or IP addresses set in the Subject field of a TLS certificate. For example: