SiGNET Certificate Authority (CA)
SiGNET certificate can be requested with a web form or a shell script found at SiGNET CA. Request a certificate with pre-prepared script.
Step 1. Open SiGNET CA, then locate the tab "User" -> "Request a Certificate".
Step 2. For automated user and server certificate requests, download bash script make-request.sh and import it into your virtual machine.
Step 3. Run the script. For more information, check the help section.
Help command: $ ./make-request.sh -h
For users:
$ ./make-request.sh -u -p -T 123-456 name.surname@example.com 'Example Org' 'My Lab' 'Name Surname'
For servers:
$ ./make-request.sh -p -N 'Name Surname' -T 123-456 admin.mail@example.com 'Example Org' IT hostname.example.com
Example of server certificate request:
$ ./make-request.sh -p -N 'Name Surname' -T 123-456 -d '/C=SI/O=SiGNET/O=ORG/CN=hostname' name.surname@example.com
Step 4. Wait for certificate approval. Requested certificates can be found in the tab "Requests" -> "Certificate Request". If the certificate request was not send to CA locate tab "User" -> "Request a Certificate", send "User-generated PEM-formatter Request" and fill out the "PKCS#10 Request Form".
Step 5. After successful approval (Certificate Request Confirm), wait for email or find your request or certificate number located in tab "User" -> "Get Requested Certificate".
Example of received email:
Dear <hostname>,
You can download the requested certificate from our server at the URI:
https://signet-ca.ijs.si:443
Please use the serial number: <CERT_ID>
Alternatively, you can use the request-generation script that can download the certificate and prepare it for browser import in a single invocation.
(Requirements: bash, curl, openssl.)
http://signet-ca.ijs.si/req/make-request.sh
Please, use the serial in the invocation:
make-request.sh -r <CERT_ID> -K <private-key-file>
If you have the private key in your browser, you can import the certificate directly from the server with the following link:
https://signet-ca.ijs.si:443/cgi-bin/pub/pki?cmd=getcert&key=<CERT_ID>&type=CERTIFICATE
Please, also import the CA certificate (or the PKI chain) from our server to check the correctness of your certificate:
https://signet-ca.ijs.si:443/pub
Remember to keep at least one safe backup of your private key because if you lose it, you will not be able to decrypt messages and documents you already received.
With best regards,
SiGNET CA Operations
Step 6. Go to the same directory where “make-request.sh” file is located and run the command:
$ ./make-request.sh -r <CERT_ID> -K <PRIVATE_KEY>
Where
Example of Name-Surname-year-month-day.key
After running the mentioned command, a certificate file is created in the same directory.
Example of certificate file: Name-Surname-year-month-day.p12
Step 7. Import your certificate (.p12 file) to your system or to the chosen web browser.
In Google Chrome | In Mozilla Firefox | In Microsoft Edge |
---|---|---|
1. Go to settings | 1. Go to settings | 1. Go to settings |
2. Privacy and security | 2. Privacy and security | 2. Privacy, search, and services tab |
3. Manage certificates | 3. View certificates | 3. Manage certificates |
4. Click Import | 4. Click Import | 4. Click Import |
More information available at signet-ca.ijs.si.