Skip to content

SiGNET Certificate Authority (CA)


SiGNET certificate can be requested with a web form or a shell script found at SiGNET CA. Request a certificate with pre-prepared script.

Step 1. Open SiGNET CA, then locate the tab "User" -> "Request a Certificate".

Step 2. For automated user and server certificate requests, download bash script make-request.sh and import it into your virtual machine.

Step 3. Run the script. For more information, check the help section.

Help command: $ ./make-request.sh -h

For users:

$ ./make-request.sh -u -p -T 123-456 name.surname@example.com 'Example Org' 'My Lab' 'Name Surname'

For servers:

$ ./make-request.sh -p -N 'Name Surname' -T 123-456 admin.mail@example.com 'Example Org' IT hostname.example.com

Example of server certificate request:

$ ./make-request.sh -p -N 'Name Surname' -T 123-456 -d '/C=SI/O=SiGNET/O=ORG/CN=hostname' name.surname@example.com

Step 4. Wait for certificate approval. Requested certificates can be found in the tab "Requests" -> "Certificate Request". If the certificate request was not send to CA locate tab "User" -> "Request a Certificate", send "User-generated PEM-formatter Request" and fill out the "PKCS#10 Request Form".

Step 5. After successful approval (Certificate Request Confirm), wait for email or find your request or certificate number located in tab "User" -> "Get Requested Certificate".

Example of received email:
Dear <hostname>,

You can download the requested certificate from our server at the URI:

    https://signet-ca.ijs.si:443

Please use the serial number: <CERT_ID>

Alternatively, you can use the request-generation script that can download the certificate and prepare it for browser import in a single invocation.
(Requirements: bash, curl, openssl.)

        http://signet-ca.ijs.si/req/make-request.sh

Please, use the serial in the invocation:

        make-request.sh -r <CERT_ID> -K <private-key-file>

If you have the private key in your browser, you can import the certificate directly from the server with the following link:

https://signet-ca.ijs.si:443/cgi-bin/pub/pki?cmd=getcert&key=<CERT_ID>&type=CERTIFICATE

Please, also import the CA certificate (or the PKI chain) from our server to check the correctness of your certificate:

    https://signet-ca.ijs.si:443/pub

Remember to keep at least one safe backup of your private key because if you lose it, you will not be able to decrypt messages and documents you already received.


                With best regards, 
                 SiGNET CA Operations

Step 6. Go to the same directory where “make-request.sh” file is located and run the command:

$ ./make-request.sh -r <CERT_ID> -K <PRIVATE_KEY>

Where is your certificate ID received in the mail (look at example of received mail) and is a .key file located in the same directory.

Example of file: Name-Surname-year-month-day.key

After running the mentioned command, a certificate file is created in the same directory. Example of certificate file: Name-Surname-year-month-day.p12

Step 7. Import your certificate (.p12 file) to your system or to the chosen web browser.

In Google Chrome In Mozilla Firefox In Microsoft Edge
1. Go to settings 1. Go to settings 1. Go to settings
2. Privacy and security 2. Privacy and security 2. Privacy, search, and services tab
3. Manage certificates 3. View certificates 3. Manage certificates
4. Click Import 4. Click Import 4. Click Import

More information available at signet-ca.ijs.si.