| Info |
|---|
This article is for X-Road versions >= 7.3.0. Instructions for older X-Road versions are available here. |
...
| Note |
|---|
When using the test CA as a certification provider, please see the location of the CA root certificate and OCSP certificate, and OCSP URL at: Before uploading the CA root certificate and OCSP certificate to the Central Server, the filenames must be updated:
|
Choose Trust Services -> Add certification service.
Upload the certification service's root certificate and press Upload.
...
| Note |
|---|
When using the test CA as a time-stamping provider, please see the location of the TSA certificate and TSA URL at: Before uploading the TSA certificate to the Central Server, the filename must be updated:
|
Choose Trust Services -> Timestamping Services -> Add timestamping service.
Add timestamping service URL.
Upload the timestamping service's certificate.
Press Add.
...
Select TOKEN: SOFTTOKEN-0.
Press Add key.
...
Define an optional label for the key and press Next.
...
Please note that the authentication and sign certificate fields vary between different certificate profiles. If you are not using the certificate profile mentioned in this guide, the certificate fields are different.
Usage - AUTHENTICATION.
Certification Service - choose the certification service that was defined on the Central Server.
CSR Format - select a suitable format for your certificate service. NOTE: The test CA setup only accepts DER as input format.
Press Continue.
...
Server DNS name (CN) - the Security Server's FQDN.
Organization name (O) - write the name of the organization maintaining the Central Server.
Press Generate CSR.
...
The certificate request is downloaded to browser's download folder.
Press Done.
...
| Note |
|---|
When using the test CA as a certification provider, sign the certificate requests according to the instructions: https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md#7-signing-certificates |
...