Requesting a personal certificate

To apply for a personal certificate, use the iKeyman tool as follows:

  1. Start the iKeyman GUI using either the gsk7ikm command (UNIX(R)) or the strmqikm command (Windows(R)).
  2. From the Key Database File menu, click Open. The Open window displays.
  3. Click Key database type and select CMS (Certificate Management System).
  4. Click Browse to navigate to the directory that contains the key database files.
  5. Select the key database file from which you want to generate the request, for example key.kdb.
  6. Click Open. The Password Prompt window displays.
  7. Type the password you set when you created the key database and click OK. The name of your key database file displays in the File Name field.
  8. From the Create menu, click New Certificate Request. The Create New Key and Certificate Request window displays.
  9. In the Key Label field, type:
  10. Type a Common Name and Organization, and select a Country. For the remaining optional fields, either accept the default values, or type or select new values. Note that you can supply only one name in the Organizational Unit field. For more information about these fields, refer to Distinguished Names.
  11. In the Enter the name of a file in which to store the certificate request field, either accept the default certreq.arm, or type a new value with a full path.
  12. Click OK. A confirmation window displays.
  13. Click OK. The Personal Certificate Requests list shows the label of the new personal certificate request you created. The certificate request is stored in the file you chose in step 11.
  14. Request the new personal certificate either by sending the file to a Certification Authority (CA), or by copying the file into the request form on the Web site for the CA.

Use the following commands to request a personal certificate using iKeycmd:

where:

-db filename is the fully qualified file name of a CMS key database.
-pw password is the password for the CMS key database.
-label label is the key label attached to the certificate.
-dn distinguished_name is the X.500 distinguished name enclosed in double quotes. Note that only the CN, O, and C attributes are required, and that you can supply only one OU attribute.
-size key_size is the key size. The value can be 512 or 1024.
-file filename is the filename for the certificate request.

If you are using cryptographic hardware, refer to Requesting a personal certificate for your PKCS #11 hardware.