Creating Authenticated Requests and Link Certificates

You can sign CV certificate requests by your CVCA or DV by going to Edit Certificate Authorities, typing the name of your CA in the text field (same name as appears in the list above the text field) and then clicking on Sign Certificate Request. You will be a chance to upload the CV certificate request to the CVCA, and you will get an Authenticated request back. This is required when sending certificate requests from your DVs to other member states and when creating CVCA link certificates.

The renewing a DV and sending a request to another member state you can get the request automatically authenticated by signing the request with the DVs old keys. You can do this by first renewing the DV to create a new certificate request. Then you go into Sign Certificate Request for the same DV and sign the request checking the checkbox Use previous key. An authenticated request, authenticated with the DVs previous key will be returned.

To create CVCA link certificates the same approach is done. First renew the CVCA (generating new keys), which creates a new self-signed CVCA certificate internally. Download the new self-signed CVCA certificate (for example from Basic Functions). After this you can create a link certificate by typing the CVCAs name in the text field in Edit Certificate Authorities and clicking Sign Certificate Request. Upload the new CVCA certificate and select Use previous key and Create link certificate.

The reason for this cumbersome and a bit clumsy way to create link certificates is that issuing a link certificate can actually be made to switch CA completely, new keys, new algorithms and new Country/Mnemonic. Therefore you can use this approach to create a link certificate from you old CVCA to a completely new one.