This section will show you how to issue a PKCS#12 keystore suitable for SSL/TLS servers, such as web servers. You should previously have created the certificate profile and end entity profile for SSL servers in the sections above.

1. Goto RA Functions -> Add End Entity.

2. Choose the end entity profile SSLServerEndEntityProfile.

3. At Username, enter testsrv.domain.com.

4. At Password, enter a password.

5. Under CN, Common Name, enter testsrv.domain.com.

6. And at DNS Name enter testsrv.domain.com.

7. Under Certificate Profile you should not be able to choose anything but the default SSLServerCertificateProfile.

8. Under CA you should not be able to choose anything but the default ManagementCA.

9. Under Token, choose P12.

10. Press Add.

11. Goto Public Web and then Create Keystore.

12. Enter the username, testsrv.domain.com, and password for the user you created, and press OK.

13. Choose Key length 1024.

14. Under Certificate Profile, you should not be able to choose anything but the default "SSLServerCertificateProfile" .

15. Press OK.

A new certificate will be generated and downloaded to your desktop.

If you like, import the P12 file (double-click on it in Windows) to look at the certificate inside.