13.2. Usage
Signed requests must be submitted to the CA to be processed.
- Create a PKCS #10 certificate request using a tool like
certutil. - Copy the PKCS #10 ASCII output to a text file.
- Run the
CMCEnrollcommand to sign the certificate request. If the input file isrequest34.txt, the agent's certificate is stored in the~jsmith/.mozilla/firefoxdirectory, the certificate common name for this CA isCertificate Manager Agents Cert, and the password for the certificate database is1234pass, the command is as follows:CMCEnroll -d "~jsmith/.mozilla/firefox" -n "Certificate Manager Agents Cert" -r "/export/requests/request34.txt" -p "1234pass"
The output of this command is stored in a file with the same filename and.outappended to the filename. - Submit the signed certificate through the CA end-entities page.
- Open the end-entities page.
- Select the CMC Enrollment profile form.
- Paste the content of the output file into the first text area of this form.
- Remove
-----BEGIN NEW CERTIFICATE REQUEST-----and----END NEW CERTIFICATE REQUEST-----from the pasted content. - Select Certificate Type User Certificate, fill in the contact information, and submit the form.
- The certificate is immediately processed and returned since a signed request was sent and the
CMCAuthplug-in was enabled. - Use the agent page to search for the new certificate.
