Creating a Certificate Signing Request Follow these instructions to generate a CSR for your Web site. After completing this process, you will have a CSR ready to submit to ipsCA in order to be generated into a SSL Security Certificate. If you are not using JDK 1.4 or higher, you must download and install "Java Secure Socket Extensions" JSSE. 1. Generate a private key with the following command: $JAVA_HOME/bin/keytool -genkey -alias ipsca.keystore -keyalg RSA -keystore /path/to/domainname.kdb In the next field you will be asked "What is your first and last name?" At this prompt, you must specify the common name (FQDN) of your web site. You will then be prompted for your organizational unit, organization, etc. 2. Generate the Certificate Signing Request (CSR) $JAVA_HOME/bin/keytool -certreq -alias ipsca.keystore -keystore /path/to/keystore.kdb -file filename.csr You will not be prompted for the common name, organization, etc. The keytool will use the values that you specify when generating the private key. 3. Now go to ipsCA , select your certificate and fill the form with your personal data, paste your certificate request in the CSR field making sure that you include -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----. 4. Make a backup of the keystore.kdb key database. It would be useful for you if your server crashes.

Installing a Server Digital Certificate After you receive your certificate, two other certificates will be necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and the intermediate CA IPSCA CLASEA1. It is essential that these certificates are also  installed on your webserver in order to establish correct SSL connections with your customer's browsers. Should they be required, you may download these certificates individually or jointly as a bundled file below: IPSServidores.crt IPSCACLASEA1.crt Steps to install your certificate Please replace the example keystore name 'ipsca.keystore' with your keystore name Use the keytool command to import the certificates as follows: keytool -import -trustcacerts -alias IPSROOT  -file IPSSERVIDORES.crt -keystore ipsca.keystore Use the same process for the ipsCA certificate using the keytool command: keytool -import -trustcacerts -alias IPSCAA1 -file IPSCACLASEA1.crt -keystore ipsca.keystore Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string. Example: keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore ipsca.keystore Then, the password is requested. Enter keystore password: (This is the one used during CSR creation) The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'): Serial number: 1a3 Valid from: Fri Feb 23 23:01:00 GMT 1996 until: Thu Feb 23 23:59:00 GMT 2006 Certificate fingerprints: MD5: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58 SHA1: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64 Trust this certificate? [no]: Then an information message will display as follows: Certificate was added to keystore All the certificates are now loaded and the correct root certificate will be presented. ATTENTION! If a java EOFException occurs during your server certificate installation you will have to verify the integrity of your ipsCA .crt file. Open it and check that there are exactly only one line break after the foot --------- END OF CERTIFICATE ---------

  return to the top

© 1995 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved. Our CPS summarized or complete, CRLs, Root Certificates and legal documents   can be found in our repository Read our  Privacy Policy and Terms of Use