The following covers how to issue a PKCS#12 keystore suitable for SSL/TLS servers, such as web servers.

Before you begin, you should previously have created a certificate profile and end entity profile for SSL servers. For more information, see:

To request a certificate:

  1. Access EJBCA RA Web and click Make new request.
  2. In the Certificate Type field, select SSLServerEndEntityProfile.
  3. Under Certificate subtype, you should not be able to choose anything but the default SSLServerCertificateProfile.
  4. Under CA, you should not be able to choose anything but the default ManagementCA.
  5. Select the Key-pair generation option By the CA.
  6. In Key algorithm, select RSA 2048 bits.
  7. In CN, Common Name, enter testsrv.domain.com.
  8. In DNS Name, enter testsrv.domain.com.
  9. At Username, enter testsrv.domain.com.
  10. At Enrollment code, enter a password.  This will be the same password that is used to protect the certificate once downloaded.
  11. Click Download PKCS#12 to download and save the newly created certificate file.

A new certificate is generated and downloaded to your desktop.

To view the certificate, import the P12 certificate file by double-clicking it.