Creating key-certificate pairs

How to create key-certificate pairs after they are generated on the DataPower® Gateway.

About this task

When you generate a key, you get a key file and a certificate signing request (CSR) file. The CSR file from the initial key generation is not a signed certificate. Send the CSR to a certificate authority (CA), such as VeriSign. The CA signs the CSR and returns it to you, which effectively creates the certificate. Load this certificate on the DataPower Gateway.

You can use the following procedure to create the key-certificate pair and identification credentials that reference the key and certificate aliases. When you create identification credentials, the key-certificate pair is validated to ensure that the pair is ready for use.

Procedure

  1. Use the cryptographic tools to create the key and CSR.
  2. Store the private key on the DataPower Gateway, and create a key alias that references it.
  3. Send the CSR to a CA. Do not store it on the DataPower Gateway except in the temporary: directory.
  4. After the CA returns the signed certificate, store it on the DataPower Gateway, and create a certificate alias that references it.
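
The following added example is not part of the original documentation and does not use DataPower commands. It assumes OpenSSL on an administrative workstation and shows one way to confirm, before step 4, that the certificate the CA returned carries the same public key as the private key stored in step 2. The file names, subject names and the throwaway local CA that stands in for the real CA are constructed for the example.

```shell
#!/bin/sh
# Added example: off-box check that key, CSR and returned certificate belong together.

# Public key (PEM) derived from each artifact; empty output if the file cannot be parsed.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeed only if both public keys were extracted and are identical.
# The non-empty test stops two unreadable files from comparing as "equal".
same_pub() { [ -n "$1" ] && [ "$1" = "$2" ]; }

pair_matches() { same_pub "$(key_pub "$1")" "$(cert_pub "$2")"; }  # key, certificate
csr_matches()  { same_pub "$(key_pub "$1")" "$(csr_pub "$2")"; }   # key, CSR

# Constructed sample material: gateway key + CSR, a throwaway CA that signs
# the CSR (standing in for the real CA), and an unrelated key.
make_sample() {
  d=$1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
      -keyout "$d/gw.key" -out "$d/gw.csr" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
      -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/gw.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -out "$d/gw.crt" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$d/other.key" 2>/dev/null
}

demo() {
  d=$(mktemp -d) && make_sample "$d" || return 1
  csr_matches  "$d/gw.key" "$d/gw.csr" && echo "gw.key + gw.csr: match"
  pair_matches "$d/gw.key" "$d/gw.crt" && echo "gw.key + gw.crt: match"
  pair_matches "$d/other.key" "$d/gw.crt" || echo "other.key + gw.crt: MISMATCH"
  rm -rf "$d"
}
demo
```

A mismatch at this point usually means the CA response belongs to a different CSR, or the key was regenerated after the CSR was sent.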