Obtaining Identity Certificates

Last Updated: Apr 20, 2022

Once a provider has been selected, the certificate requirements need to be identified:

  • The name fields of the certificate are vital for correct interoperation with clients; see Certificate Name Content for more information.

  • The certificate should use a 2048-bit RSA key with the SHA-256 signature algorithm.

  • The quantity and duration

  • The assurance level

  • Whether single domain or multi-domain

  • The certificate should be for a web server and not a signing certificate

Once the requirements are identified, a Certificate Signing Request (CSR) is made to the CA. A number of methods can be used:

  • Form based, using the CA's web site or downloaded utilities: The private key and the certificate are created by the CA and sent/downloaded by the customer.

  • Text based, using the OpenSSL package: The private key is created by OpenSSL and kept on the PC. The certificate is created by the CA, and OpenSSL is used to join the two parts together in a PKCS#12 file.

  • Text based, using Microsoft Windows tools: The private key is created by Microsoft OS tools and kept on the PC. The certificate is created by the CA, and Microsoft OS tools are used to join the two parts together in a PKCS#12 file.

  • Automated via SCEP: The private key is created by IP Office and kept on the system. The certificate is created by the CA, and IP Office joins the two parts together.

  • Web form based, using a 3rd party site. This is not recommended.

Currently, IP Office Linux and IP500 V2 servers do not support the generation of a CSR where the private key is retained within the IP Office server. This means that if the CA does not support form-based CSR, the OpenSSL or Microsoft Windows tools methods of Certificate Signing Requests must be used.

Once a CSR is submitted to the CA, the CA reviews the application and, if it is successful, issues the identity certificate along with the signing certificate(s). The required format of IP Office identity certificates is PKCS#12. The required formats for the signing certificates are PEM and DER. See Certificate File Naming and File Formats.

If the file formats are not as required by IP Office, utilities can be used to convert them; these can be provided by the CA, or 3rd party tools can be used. Examples of conversion using 3rd party tools are contained in Certificate Signing Requests.
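
The OpenSSL method listed above, sketched end to end as an added example (not Avaya's own procedure or code): the key is created locally, the CSR is checked against the RSA 2048 / SHA-256 requirements, and the issued certificate is joined with the key into a PKCS#12 file only if the two match. The host name, passphrase, file names and the self-signed certificate standing in for the CA's reply are all assumptions made so the example runs offline.

```sh
#!/bin/sh
# Added example. HOST and P12_PASS are constructed placeholders, not product values.
HOST="ipoffice.example.com"            # assumed FQDN for the certificate name
P12_PASS="example-only-passphrase"; export P12_PASS
umask 077                              # key material readable by owner only

make_csr() {      # $1 = work dir. The key never leaves it; only id.csr goes to the CA.
    openssl genrsa -out "$1/id.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/id.key" -subj "/CN=$HOST" \
        -addext "subjectAltName=DNS:$HOST" -out "$1/id.csr"
}

check_csr() {     # Confirm RSA 2048 and SHA-256 before submitting the request.
    text=$(openssl req -in "$1/id.csr" -noout -verify -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)' &&
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption'
}

stand_in_ca() {   # Constructed stand-in for the CA's reply so the example runs offline.
    openssl x509 -req -in "$1/id.csr" -signkey "$1/id.key" -sha256 -days 30 \
        -out "$1/id.crt" 2>/dev/null
}

same_key() {      # $1 = certificate file (PEM), $2 = private key file
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

join_p12() {      # Bundle key + issued certificate; refuse if they do not pair up.
    same_key "$1/id.crt" "$1/id.key" || return 1
    openssl pkcs12 -export -inkey "$1/id.key" -in "$1/id.crt" -name "$HOST" \
        -passout env:P12_PASS -out "$1/id.p12"
}

p12_matches_key() {   # Re-open the PKCS#12 and compare its certificate to the key.
    openssl pkcs12 -in "$1/id.p12" -passin env:P12_PASS -nokeys \
        -out "$1/from_p12.crt" 2>/dev/null && same_key "$1/from_p12.crt" "$1/id.key"
}

work=$(mktemp -d) && make_csr "$work" && check_csr "$work" && stand_in_ca "$work" &&
    join_p12 "$work" && p12_matches_key "$work" && echo "PKCS#12 written: $work/id.p12"
```

With a real CA, skip `stand_in_ca` and save the certificate the CA issues as `id.crt` before calling `join_p12`.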