Generate a PKCS #12 file containing both a certificate and a key pair.
To generate a PKCS #12
Select Create > PKIaaS.
- Select the Certificate Authority.
- Select a Certificate Profile configured to generate PKCS #12 files.
- Click Next to display the certificate form.
Configure the following settings:
- Click Submit to generate the certificate and the key pair.
- On the confirmation page, click the link to download a PKCS #12 file containing the certificate and the key pair.
Subject DN
Write the Distinguished Name (DN) of the certificate subject. For example:
CN=www.entrust.com, OU=PKIaaS, O=Entrust, c=CA
Certificate Expiry
Select the certificate expiration date. Specifically, the certificate will expire at 23:59:59 on the selected date, calculated for the time zone set in your browser.
Because of Daylight Savings Time (if applicable) and the time zone set in your browser, you may see a discrepancy between the actual certificate expiry date (the one you set) and the expiry date you will see in some system viewers or parsers. The Windows System Viewer, in particular, does not handle Daylight Savings Time correctly.
Subject Alternate Names
Select optional Subject Alternate Names (SAN) for the certificate subject – for example:
- S/MIME email certificates require an RFC822 Name email address.
- Network device or web server certificates for TLS authentication require a DNS Name or IP Address value matching the URL used by the client.
See below for the supported types.
SAN Type | Sample value |
---|---|
DNS Name | |
IP Address | 192.168.1.1 |
RFC822 Name | |
Directory Name | cn=john doe,o=example inc,c=us |
Uniform Resource Identifier | |
Registered ID | 1.2.3.4.5.6.7.8 |
Other Name | oBgGCCsGAQUFBwgDoAwwCgwIMTIzNDU2Nzg= |
The Other Name value is a DER encoding because this type supports an unbounded number of possible subtypes which often cannot be represented as simple strings.
PKCS #12 Password
Type a password to protect the PKCS #12 contents.
Confirm PKCS #12 Password
Retype the password.