Cross Certification

[TOP]

In this page we describe how to make cross certification with commercial CA products.

Issued *BY* a commercial CA product

To be issued by commercial CA product take following steps.
  1. generate a test suite CA key using keypair editor.
  2. check DN of the CA.
  3. generate certificate request(CSR/PKCS#10) using openssl.
  4. calculate finger print using 'sha1sum' command
  5. send finger print using FAX or email.
  6. send PKCS#10.
  7. issue certificate by the CA product.

Issue *TO* a commercial CA product

To issue certificate to the CA product take following steps.
  1. generate PKCS#10 by the CA product.
  2. recieve PKCS#10 from CA product.
  3. get the information about public key, directory name and subject key identifier using 'iwgskidinfo' command.
  4. regist only the public key to the test suite DB.
  5. regist certificate information to the test suite DB.
  6. issue certifcate with the test suite.
  7. calculate its finger print using 'sha1sum' command.
  8. send the certificate and the finger print.

Regist cross certificate pair

Regist the certificate issued by the CA product as 'Raw Certfificate'. Take following steps.
  1. convert to PEM encoded certificate.
  2. regist the PEM as 'Raw Certificate'.
  3. regist the cross certificate pair information.
  4. regist repository information of the cross certificate pair.