Follow the steps below to have the certificate authority generate a PKCS #12 file containing:

  • A key pair generated by Entrust PKIaaS.
  • The issued certificate.
  • The CA certificate chain of the issued certificate.

To issue a PKCS #12:

  1. Open the following URL in a Web browser. 

    https://<hostname>/v2/

    Where <hostname> is the IP address or domain name selected in General.

  2. Log in to the Certificate Authority user interface as a user with the Owners or Certificate Administrators roles on a partition.
  3. Select the partition on which to manage certificate authorities and certificates. 
  4. Click Certificate Authorities in the sidebar.

  5. In the Certificate Authorities tab, click the name of the certificate authority that will issue the certificates.


    Certificate Authority does not provide root certificate authorities with profiles for issuing PKCS #12 files.



  6. Click Issue Certificate.

  7. Select Server-side Generated Key Certificate (PKCS #12).

  8. Complete the values described below: Certificate profile, PKCS #12 Password, Subject, and Subject Alternative Names.

  9. Click Issue.

  10. Check the certificate details and click Download your PKCS #12 to download the issued PKCS #12 file. 

    Certificate Authority does not store the generated key pair in any way. Once you leave this page, you cannot download the PKCS #12 file.
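
Because the PKCS #12 file cannot be downloaded again after leaving the page, the download can be checked immediately against the three items listed at the top: key pair, issued certificate and CA chain. The shell function below is an added example, not part of the Entrust product or its documentation; it assumes the openssl command-line tool is installed, and `check_p12` and `P12_PASSWORD` are names chosen for this example.

```shell
# Added example, not Entrust code. check_p12 and P12_PASSWORD are names
# assumed here; requires the openssl command-line tool.
# Usage: export P12_PASSWORD='...'; check_p12 downloaded.p12
# Returns 0 = all checks pass, 1 = content problem, 2 = file cannot be opened.
check_p12() {
  local p12="$1" tmp key_pub cert_pub chain_n rc=0
  tmp=$(mktemp -d) || return 2
  # -passin env: keeps the password out of the process argument list.
  if ! openssl pkcs12 -in "$p12" -passin env:P12_PASSWORD -nokeys -clcerts \
        -out "$tmp/leaf.pem" 2>/dev/null; then
    echo "FAIL: cannot open $p12 (wrong password or not a PKCS #12 file)"
    rm -rf "$tmp"; return 2
  fi
  openssl pkcs12 -in "$p12" -passin env:P12_PASSWORD -nokeys -cacerts \
        -out "$tmp/chain.pem" 2>/dev/null || true
  # Derive the public key from the private key inside a pipe, so the
  # unencrypted private key is never written to disk.
  key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASSWORD -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || true
  cert_pub=$(openssl x509 -in "$tmp/leaf.pem" -noout -pubkey 2>/dev/null) || true
  chain_n=$(grep -c 'BEGIN CERTIFICATE' "$tmp/chain.pem" 2>/dev/null) || true

  if [ -z "$key_pub" ]; then
    echo "FAIL: no private key in file"; rc=1
  elif [ "$key_pub" != "$cert_pub" ]; then
    echo "FAIL: private key does not match the issued certificate"; rc=1
  else
    echo "OK: private key matches the issued certificate"
  fi

  if [ "${chain_n:-0}" -eq 0 ]; then
    echo "FAIL: no CA certificates in file"; rc=1
  # Consistency check only: the bundled chain is used as the trust anchor,
  # so this does not show that the CA itself is one you trust.
  elif openssl verify -partial_chain -CAfile "$tmp/chain.pem" \
        "$tmp/leaf.pem" >/dev/null 2>&1; then
    echo "OK: certificate verifies against $chain_n bundled CA certificate(s)"
  else
    echo "FAIL: certificate does not verify against the bundled chain"; rc=1
  fi

  rm -rf "$tmp"
  return $rc
}
```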

Certificate profile

Select one of the subscriber certificate profiles for the certificate authority to issue this certificate.

This list only includes the certificate profiles selected in the issuing subordinate authority. See Creating an issuing subordinate authority for how to select profiles on CA creation and Selecting CA profiles for how to add profiles to an existing CA.

PKCS #12 Password

Type and confirm a password to protect the contents of the PKCS #12 file.

Subject

Enter a value for each RFC 5280 attribute in the certificate subject’s Distinguished Name (DN).

    Field                  Mandatory
    Common Name            Yes
    Organization           No
    Organizational Unit    No
    State/Province         No
    Locality Name          No
    Domain Component       No
    Country                No

Alternatively, you can:

  1. Toggle the Advanced Subject switch.
  2. Type a Distinguished Name (DN) including additional attributes.

For example, when the certificate subject represents a corporate employee:

    CN=John Doe, OU=Sales, O=Example Corp, L=San Francisco, ST=California, C=US

When the certificate subject represents a corporate domain:

    CN=server1.example.com, CN=server2.example.com, OU=IT, O=Example Corp, L=Chicago, ST=Illinois, C=US

Subject Alternative Names

Add optional Subject Alternative Names (SANs) for the certificate subject. Typically, SANs extend the domain names or IP addresses set in the Subject field of a TLS certificate. See below for examples.

  • DNS name: example.com, www.example.com, example.net, mail.example.com, support.example.com, example2.com
  • IPv4 Address: 93.184.216.34
  • IPv6 Address: 2606:2800:220:1:248:1893:25c8:1946