The procedure for creating a certificate request is the same for OFTP2, AS2, TLS and HTTP client and differs only in the selection of usages. This is an example of creating a certificate request for an OFTP2 certificate.
Where is the private key stored?
The private key of your future certificate is not included in the certificate request. It remains in !MC5 and is not sent to the certification authority. When importing the certificate that you will receive from your certification authority after your request, the private key will be added to the certificate. Therefore, never pass on the final certificate (pfx file) to third parties.
1 Start !MC5 and select the entry Settings/OFTP2/Security in the left tree. On the right side you will now see the box Certificates with the list of your certificates. This list will of course contain other entries or be empty in your !MC5. On the right side next to this list there are some icons. At the top there is a plus symbol, which you now click with the left mouse button. A window opens with which you can import and generate certificates as well as create certificate requests..
2 Click the button Create certificate request with the mouse. In this and the following dialog windows, you make all the entries for your certificate request. In the lower part of the dialog window there are two buttons Back and Next, with which you can navigate back and forth at any time to check or correct an entry. Your previous entries will not be lost. Cancel ends the process without saving any changes.
3 In this dialog you enter the most important data for your application. The information marked with an asterisk is mandatory and must be entered in any case. Common Name contains a unique identifier for the certificate. Even if this identifier is freely selectable, your own domain name should be used at this point.
4 In the following dialog some additional specifications are made. These entries are optional and do not have to be made.
•Hostname: Here you enter the hostname for which the certificate should be issued and with which your partners can reach you. Please note that the Odette certification authority does not support wildcard certificates..
•IP address: Here you enter an IP address for which the certificate is to be issued and its partners can reach you. Please note that when using an IP address, its accessibility is not always guaranteed without gaps.
•OFTP ID: This entry should always be made if the certificate is to be used for OFTP. If the certificate is used for other protocols, this entry can be left blank.
5 Now set the key length for the public key of the future certificate.When selecting the key length, keep in mind that a longer key increases security but also increases processing time. However, this should not usually be an issue with today's systems.
6 This dialog shows a summary of all the information you have entered so far. If you want to correct the information, navigate to the desired position using the Back button. Your previous entries will not be lost.
7 Now you can specify the purposes for which you want to use the certificate you are applying for. This settings are not part of the actual certificate application, but is stored in the !MC5 database. Therefore, you can also change these settings at any later time.
If you now click on Finish, the wizard is closed and you can no longer make any changes to the entries for the certificate request..
8 Now you have successfully created a certificate request. The program now shows a summary of the certificate request again. You can now decide how to proceed.
•You can now set up the certificate request for other Modules and Add-Ons (AS2, HTTP client) as well.
•You can send the certificate request to your certification authority.
However, you can continue the process at a later time.
Create references on certificate requests
The certificate request is now already stored in the database. However, the reference to this request - visible as a blue entry in the list of OFTP2 certificates - is not yet permanently stored. This is signalised by the yellow title bar. !MC5 will prompt you to agree to save it at an appropriate time.
If you want to use the final certificate for other Modules and Add-Ons, it is best to create references for them now. If all desired references have been created before importing the certificate, these references will be automatically replaced by the final certificate during import.
9 If you leave this area by closing the summary and selecting another entry in the navigation tree, for example, you still have to agree to the changes made. As soon as you have agreed to the saving with Ye", the reference to this request for the OFTP2 module is permanently stored in the !MC5 database.
