Updated on 2022-04-02 GMT+08:00

Application Method 3: Applying Through Dual Certificates

Context

Dual certificates refer to the signature certificate and encryption certificate, which are used to establish TLS connections.

Procedure

  1. Choose System > About > Certificate Authority Service from the main menu.
  2. Choose Certificate Application > Certificate Application from the navigation tree on the left.
  3. On the Apply by Dual-Certificate tab page, enter certificate application information.

    For detailed parameter descriptions, see Table 1.

    Table 1 Dual-certificate parameters

    | Parameter | Description | Value |
    |---|---|---|
    | Associated CA | Associated CA used to apply for a certificate from the CA. | N/A |
    | Applicant | You can customize the name of an applicant to distinguish different applicants. | N/A |
    | Signature certificate | | |
    | Signature certificate profile | Signature certificate profile, which is used to issue the signature certificate. | N/A |
    | CSR file | Certificate signing request. | • The certificate chain file to be uploaded must be in .csr, .txt, or .req format.<br>• Only one file can be uploaded and the file size cannot exceed 100 KB.<br>• The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), hyphens (-), spaces, dots (.), and round brackets. It cannot start with a dot (.) or a space.<br>• The subject information in the CSR file must be different from that of the associated CA. Otherwise, the certificate application fails. |
    | Encryption certificate | | |
    | Subject info is consistent with signature certificate's info | • If this option is selected, the subject information is the same as that of the signature certificate.<br>• If this option is not selected, you need to enter the subject information configured in the profile after selecting an encryption certificate profile. | N/A |
    | Encryption certificate profile | Encryption certificate profile used to issue the encryption certificate. | Only the profile of a certificate with the End entity level can be selected. |

  4. Click Submit.

Related Tasks

  • Viewing a certificate

    On the PKI Management > Certificate page, click the SN of a certificate to view the certificate details.

    A certificate will be automatically deleted 30 days after it expires. If the number of certificates issued by the Certificate Authority Service exceeds 80% of the maximum number supported by the Certificate Authority Service, all expired certificates are automatically deleted.

  • Updating a certificate

    On the PKI Management > Certificate page, click Update in the Operation column of a certificate to update it. After the certificate is updated, you can choose whether to download the certificate to the local computer.

    Certificates obtained through CMP, through the privacy CA protocol, or by uploading a CSR file cannot be updated.

  • Searching for a certificate

    On the PKI Management > Certificate page, enter the subject name of the certificate in the search box for a search. You can also specify the SN, validity period, revocation reason, issuer or status of the certificate in Advanced Search. The Certificate Authority Service supports fuzzy search by subject name, SN, validity period or issuer.

    On the Certificate Application > Application List page, enter the applicant, CA name, subject or submitted time of the certificate in the search box for a search. The Certificate Authority Service supports fuzzy search by applicant, CA name, subject or submitted time.

  • Revoking a certificate

    On the PKI Management > Certificate page, click Revoke in the Operation column of a certificate to revoke it.

    Only certificates whose revocation reason is "Certificate is on hold" can have their revocation canceled. Certificates revoked for other reasons can no longer be trusted.

  • Canceling certificate revocation

    On the PKI Management > Certificate page, click Undo Revoke in the Operation column of a certificate to cancel its revocation.

  • Downloading a certificate
    • On the Certificate Application > Application List page, click Download Certificate in the Operation column of a certificate to download it to the local computer.
      • When downloading a certificate that is requested by entering basic information or using dual certificates, you need to enter a password. The password is a string of 8 to 32 characters containing at least three of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain two or more of the same characters consecutively.
      • Only successfully obtained certificates can be downloaded.
    • On the PKI Management > Certificate page, click Download in the Operation column of a certificate, enter the file name and password, and download the certificate to the local computer.
      • The file name is a string of 1 to 20 characters containing uppercase letters, lowercase letters, digits, hyphens (-), and underscores (_).
      • When downloading a certificate that is requested by entering basic information or using dual certificates, you need to enter a password. The password is a string of 8 to 32 characters containing at least three of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain two or more of the same characters consecutively.
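
The CSR upload limits in Table 1 and the download password rule above can be checked before anything is submitted in the console. The following is an added example, not code from the Certificate Authority Service; the function names are hypothetical, and it assumes that "special characters" means ASCII punctuation, that "Chinese characters" means U+4E00 to U+9FFF, and that 100 KB means 100 x 1024 bytes.

```python
import re
import secrets
import string

# Assumption: "special characters" = ASCII punctuation (the page does not list the set).
SPECIALS = string.punctuation
ALPHABET = string.ascii_letters + string.digits + SPECIALS

# CSR file name per Table 1: 1-256 characters, must not start with "." or a space.
# Assumption: "Chinese characters" = CJK Unified Ideographs U+4E00-U+9FFF.
CSR_NAME = re.compile(r"(?![. ])[\u4e00-\u9fffA-Za-z0-9_\-. ()]{1,256}")
CSR_EXTENSIONS = (".csr", ".txt", ".req")
CSR_MAX_BYTES = 100 * 1024  # assumption: 1 KB = 1024 bytes


def csr_upload_problems(filename: str, size_bytes: int) -> list[str]:
    """Return the Table 1 upload rules a CSR file breaks (empty list = OK)."""
    problems = []
    if not CSR_NAME.fullmatch(filename):
        problems.append("file name")
    # Assumption: the extension check is case-insensitive.
    if not filename.lower().endswith(CSR_EXTENSIONS):
        problems.append("extension")
    if size_bytes > CSR_MAX_BYTES:
        problems.append("size")
    return problems


def password_ok(pw: str) -> bool:
    """8-32 characters, three of four classes, no identical adjacent characters."""
    if not 8 <= len(pw) <= 32 or any(c not in ALPHABET for c in pw):
        return False
    classes = [string.digits, string.ascii_uppercase,
               string.ascii_lowercase, SPECIALS]
    if sum(any(c in cls for c in pw) for cls in classes) < 3:
        return False
    return all(a != b for a, b in zip(pw, pw[1:]))


def generate_password(length: int = 24) -> str:
    """Draw from the OS CSPRNG until a candidate satisfies the policy."""
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if password_ok(candidate):
            return candidate
```

The subject-differs-from-CA rule is not covered here because it requires parsing the CSR and the CA certificate.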