SiGNET Certificate Authority (CA)
SiGNET certificate can be requested with a web form or a shell script found at SiGNET CA. Request a certificate with pre-prepared script.
Step 1. Open SiGNET CA, then locate the tab "User" -> "Request a Certificate".
Step 2. For automated user and server certificate requests, download bash script make-request.sh and import it into your virtual machine.
Step 3. Run the script. For more information, check the help section.
$ ./make-request.sh -h
$ ./make-request.sh -u -p -T 123-456 firstname.lastname@example.org 'Example Org' 'My Lab' 'Name Surname'
$ ./make-request.sh -p -N 'Name Surname' -T 123-456 email@example.com 'Example Org' IT hostname.example.com
Example of server certificate request:
$ ./make-request.sh -p -N 'Name Surname' -T 123-456 -d '/C=SI/O=SiGNET/O=ORG/CN=hostname' firstname.lastname@example.org
Step 4. Wait for certificate approval. Requested certificates can be found in the tab "Requests" -> "Certificate Request". If the certificate request was not send to CA locate tab "User" -> "Request a Certificate", send "User-generated PEM-formatter Request" and fill out the "PKCS#10 Request Form".
Step 5. After successful approval (Certificate Request Confirm), wait for email or find your request or certificate number located in tab "User" -> "Get Requested Certificate".
Example of received email: Dear <hostname>, You can download the requested certificate from our server at the URI: https://signet-ca.ijs.si:443 Please use the serial number: <CERT_ID> Alternatively, you can use the request-generation script that can download the certificate and prepare it for browser import in a single invocation. (Requirements: bash, curl, openssl.) http://signet-ca.ijs.si/req/make-request.sh Please, use the serial in the invocation: make-request.sh -r <CERT_ID> -K <private-key-file> If you have the private key in your browser, you can import the certificate directly from the server with the following link: https://signet-ca.ijs.si:443/cgi-bin/pub/pki?cmd=getcert&key=<CERT_ID>&type=CERTIFICATE Please, also import the CA certificate (or the PKI chain) from our server to check the correctness of your certificate: https://signet-ca.ijs.si:443/pub Remember to keep at least one safe backup of your private key because if you lose it, you will not be able to decrypt messages and documents you already received. With best regards, SiGNET CA Operations
Step 6. Go to the same directory where “make-request.sh” file is located and run the command:
$ ./make-request.sh -r <CERT_ID> -K <PRIVATE_KEY>
After running the mentioned command, a certificate file is created in the same directory.
Example of certificate file:
Step 7. Import your certificate (.p12 file) to your system or to the chosen web browser.
|In Google Chrome||In Mozilla Firefox||In Microsoft Edge|
|1. Go to settings||1. Go to settings||1. Go to settings|
|2. Privacy and security||2. Privacy and security||2. Privacy, search, and services tab|
|3. Manage certificates||3. View certificates||3. Manage certificates|
|4. Click Import||4. Click Import||4. Click Import|
More information available at signet-ca.ijs.si.