Importing CV Certificates
There can be cases where clients might want to migrate their existing CVCAs or DVCAs to ADSS therefore ADSS provides a way to import the keys and certificates of these CAs so that they can be configured in ADSS Server to issue certificates. For this, the hardware HSM device that contains the CVCA/DVCA key-pairs is configured as crypto profile in ADSS. Once a crypto profile is configured, the CVCA or DVCA key’s information can be imported into ADSS Server.
The operator will navigate to the following screen and select the relevant Crypto Profile:
Click on the 'Import Existing Keys' button to import the keys from HSM. The following screen will be displayed:
The operator will select the required CVCA or DVCA key and select a relevant purpose (CVCA/DVCA) from the list of purposes. Unlike X.509 certificates, CV certificates would not be stored inside HSM hence only key information will be imported. The relevant certificate would be imported later using another module by uploading the certificate file.
Once a key’s information is imported, the key will be visible in service keys as shown below:
Now to import the certificate against the imported key, Click on the 'Certificates' button, following screen will be displayed
Click on the "Import Certificate" button and the following screen will be displayed:
Import Certificate fields represents the certificate against the relevant key, whereas Issuer Certificate drop-down will list the issuers trusted inside the Trust Manager.
See also