Generating a PKCS #12

Generate a PKCS #12 file containing both a certificate and a key pair.

To generate a PKCS #12

  1. Select Create > PKIaaS.

  2. Select the Certificate Authority.

  3. Select a Certificate Profile configured to generate PKCS #12 files.

  4. Click Next to display the certificate form.

  5. Configure the settings described below.

  6. Click Submit to generate the certificate and the key pair.

  7. On the confirmation page, click the link to download a PKCS #12 file containing the certificate and the key pair.

Subject DN

Write the Distinguished Name (DN) of the certificate subject. For example:

CN=www.entrust.com, OU=PKIaaS, O=Entrust, c=CA

Certificate Expiry

Select the certificate expiration date. Specifically, the certificate will expire at 23:59:59 on the selected date, calculated for the time zone set in your browser.

Because of Daylight Savings Time (if applicable) and the time zone set in your browser, you may see a discrepancy between the actual certificate expiry date (the one you set) and the expiry date you will see in some system viewers or parsers. The Windows System Viewer, in particular, does not handle Daylight Savings Time correctly.

Subject Alternate Names

Select optional Subject Alternate Names (SAN) for the certificate subject – for example:

  • S/MIME email certificates require an RFC822 Name email address.

  • Network device or web server certificates for TLS authentication require a DNS Name or IP Address value matching the URL used by the client.

See below for the supported types.

The selected CA profile may forbid some Subject Alternate Names.

SAN Type                       Sample value
-----------------------------  ------------------------------------
DNS Name                       server.example.com
IP Address                     192.168.1.1
RFC822 Name                    john.doe@example.com
Directory Name                 cn=john doe,o=example inc,c=us
Uniform Resource Identifier    http://example.com/
Registered ID                  1.2.3.4.5.6.7.8
Other Name                     oBgGCCsGAQUFBwgDoAwwCgwIMTIzNDU2Nzg=

The Other Name value is a DER encoding because this type supports an unbounded number of possible subtypes which often cannot be represented as simple strings.
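To check what an Other Name value contains before submitting it, the following added example (not Entrust code) decodes the sample value from the table with a minimal DER reader. The function names are illustrative, and it assumes the value is the Base64 text of a single otherName element: [0] { type-id OID, [0] EXPLICIT value }.

```python
import base64

# Sample Other Name value copied from the table above (Base64 of the DER bytes).
SAMPLE = "oBgGCCsGAQUFBwgDoAwwCgwIMTIzNDU2Nzg="

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):  # n == 0 is indefinite length (not DER)
            raise ValueError("invalid length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Convert OBJECT IDENTIFIER content bytes to dotted-decimal text."""
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of a sub-identifier
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [first, subids[0] - 40 * first] + subids[1:])

def walk(buf):
    """Return the TLVs in buf as (tag, children) or (tag, bytes) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, walk(val) if tag & 0x20 else val))  # 0x20 = constructed
    return out

def parse_other_name(b64):
    """Return (type-id OID, decoded value tree) for a SAN Other Name value."""
    (tag, fields), = walk(base64.b64decode(b64, validate=True))
    if tag != 0xA0 or len(fields) != 2 or fields[0][0] != 0x06 or fields[1][0] != 0xA0:
        raise ValueError("expected [0] { OID, [0] EXPLICIT value }")
    return decode_oid(fields[0][1]), fields[1][1]

if __name__ == "__main__":
    print(parse_other_name(SAMPLE))
```

For the sample, the type-id is 1.3.6.1.5.5.7.8.3 (id-on-permanentIdentifier, RFC 4043) and the value is a SEQUENCE holding the UTF8String "12345678".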

PKCS #12 Password

Type a password to protect the PKCS #12 contents.

Confirm PKCS #12 Password

Retype the password.