Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > Internal Root CA > Creating a subordinate certificate authority
Creating a subordinate certificate authority
Help | Content Gateway | v8.5.x
Creating a subordinate certificate authority (sub CA) enables you to take advantage of all the information already existing for your Root CA. However, the Root CA can revoke the sub CA at any time.
Follow these steps to generate a sub CA using OpenSSL and the certificate services in Microsoft Windows.
Preparation
*
*
Install the OpenSSL toolkit (www.openssl.org) on a Windows or Linux machine.
Creating a Certificate Signing Request (CSR)
1.
2.
3.
Enter the following openssl command:
openssl req - sha256 -new -newkey rsa:2048 -keyout wcg.key -out wcg.csr
4.
The openssl command generates 2 files:
*
wcg.csr is the CSR that will be signed by the Certificate Authority to create the final certificate.
*
wcg.key is the private key.
5.
Signing the request
To use Microsoft Certificate Services to sign the request:
1.
Open wcg.csr with WordPad (to preserve the formatting) and copy the contents onto the clipboard (Edit > Select all; Edit > Copy).
2.
http://<CA_server_IP_address>/certsrv/
The Certificate Services applet starts.
3.
Under Select a task, click Request a certificate.
4.
5.
On the Advanced Certificate Request screen, select the Submit a certificate request by using a base-64-encoded CMC... link.
6.
On the Submit a Certificate Request or Renewal Request screen, paste the content of the wcg.csr file (previously placed on the clipboard) in the field provided and click Submit.
7.
If, instead, the Certificate Pending screen displays, you do not have sufficient privileges to create a sub CA. Contact your Enterprise domain administrator to complete the certificate creation process before proceeding.
8.
Select the Base 64 encoded radio button, and then select Download certificate.
9.
With the base 64 encoded certificate on your desktop, along with the private key created during the CSR generating process, you are ready to import both into Content Gateway. See Importing your Root CA for instructions.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > Internal Root CA > Creating a subordinate certificate authority
Copyright 2018 Forcepoint. All rights reserved.