Cross Certification
[TOP]
In this page we describe how to make cross certification with
commercial CA products.
Issued *BY* a commercial CA product
To be issued by commercial CA product take following steps.
- generate a test suite CA key using keypair editor.
- check DN of the CA.
- generate certificate request(CSR/PKCS#10) using openssl.
- calculate finger print using 'sha1sum' command
- send finger print using FAX or email.
- send PKCS#10.
- issue certificate by the CA product.
Issue *TO* a commercial CA product
To issue certificate to the CA product take following steps.
- generate PKCS#10 by the CA product.
- recieve PKCS#10 from CA product.
- get the information about public key, directory name and subject
key identifier using 'iwgskidinfo' command.
- regist only the public key to the test suite DB.
- regist certificate information to the test suite DB.
- issue certifcate with the test suite.
- calculate its finger print using 'sha1sum' command.
- send the certificate and the finger print.
Regist cross certificate pair
Regist the certificate issued by the CA product
as 'Raw Certfificate'.
Take following steps.
- convert to PEM encoded certificate.
- regist the PEM as 'Raw Certificate'.
- regist the cross certificate pair information.
- regist repository information of the cross certificate pair.