5 Ways to Create Certificates

There are five ways to generate/import and certify a key in ADSS Server for its infrastructure use:

Self-Signed Certificates

A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. The following are the steps to generate a self-signed certificate in ADSS Server.

Generate Delegated Certificates using Locally Configured CAs

If the Manage CAs module is licensed, a CA can be configured in ADSS Server to generate delegated certificates for different purposes. In that case, follow these steps to generate a delegated certificate:

Generate Delegated Certificates using Online External CA

If the Manage CAs module is licensed, an external CA can be configured in ADSS Server to generate delegated certificates for different purposes. In this case, the target CA's URL is configured in the Manage CAs > Configure External CA module. The key is generated in ADSS Server and a certificate request (PKCS#10) is sent to the CA to certify it. This key can then be used for different cryptographic operations in ADSS Server. ADSS Server supports integration with the following external CAs:

The following are the steps to generate an infrastructure key from the external CA.

Generate PKCS#10 and Certify using Offline CA

If the Manage CAs module is not licensed, a key cannot be certified in ADSS Server using either a local CA or an external CA. Instead, generate the key in ADSS Server, create a certificate request (PKCS#10) and send it manually to the CA for certification. Then import the certificate received from the CA against that key so it can be used in ADSS Server. The following are the steps to generate a PKCS#10 in ADSS Server:

Send the generated PKCS#10 to the offline CA for certification. When the generated certificate is received from the CA, import the certificate into ADSS Server by following these steps:
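
A check that can be run outside ADSS Server before the import: confirm that the certificate returned by the offline CA certifies the same public key as the PKCS#10 that was sent. This is an added example, not part of the ADSS Server product or its documentation. It assumes PEM-encoded files and the OpenSSL command line, and the function names are hypothetical.

```shell
# Pre-import check for the offline-CA flow (added example, not ADSS Server code).
# Assumes PEM-encoded files and the OpenSSL CLI; function names are hypothetical.

# Print the SHA-256 of the DER SubjectPublicKeyInfo in a request or certificate.
# $1 = "req" (PKCS#10) or "x509" (certificate), $2 = PEM file
pubkey_hash() {
    _pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_pem" ] || return 1   # never hash empty output: two empty hashes would "match"
    printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = PKCS#10 request that was sent, $2 = certificate received from the CA
# Returns 0 = same key, 1 = different key, 2 = unreadable or invalid input
cert_matches_csr() {
    # The request's self-signature shows it was made with the private key.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 2
    _csr=$(pubkey_hash req "$1") || return 2
    _crt=$(pubkey_hash x509 "$2") || return 2
    [ "$_csr" = "$_crt" ]
}

# Constructed sample data: throwaway EC keys and self-signed stand-ins for the
# CA's reply. Prints the three return codes.
demo() {
    _d=$(mktemp -d) || return 1
    _subj="/CN=constructed-demo"
    openssl ecparam -name prime256v1 -genkey -noout -out "$_d/req.key" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$_d/other.key" 2>/dev/null
    openssl req -new -key "$_d/req.key" -subj "$_subj" -out "$_d/req.csr" 2>/dev/null
    openssl req -new -x509 -key "$_d/req.key" -subj "$_subj" -days 1 -out "$_d/good.pem" 2>/dev/null
    openssl req -new -x509 -key "$_d/other.key" -subj "$_subj" -days 1 -out "$_d/wrong.pem" 2>/dev/null
    cert_matches_csr "$_d/req.csr" "$_d/good.pem"  && _r1=0 || _r1=$?
    cert_matches_csr "$_d/req.csr" "$_d/wrong.pem" && _r2=0 || _r2=$?
    cert_matches_csr "$_d/req.csr" "$_d/req.key"   && _r3=0 || _r3=$?  # not a certificate
    rm -rf "$_d"
    echo "$_r1 $_r2 $_r3"
}

demo
```

A return code of 1 means the certificate was issued for a different key than the one held in the request, so it should not be imported against that key.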

Import Existing Key (PFX, P12 file)

If the key is already generated and certified outside the ADSS Server, you will get a .pfx/.p12 file. This file can be imported in ADSS Server by following these steps:
