Creating and loading certificates
An LT requires a user with a certificate. Table 1 shows the types of certificates required for different purposes, and where they can reside.
| Certificate type | Policy ID | Purpose | Possible location | ||
|---|---|---|---|---|---|
| T&T | Live | File | Hardware | ||
| lite | (none) | ✓ | ✓ | ||
| business | 1.3.21.6.1 | ✓ | ✓ | ✓ | |
| 1.3.21.6.2 | ✓ | ✓ | ✓ | ||
To create and load a certificate for:
- A new user:
  - Use the suct command, which is described in setupUserForCert, to set up the user for certification and to return the activation secrets. If necessary, use the -policy parameter to specify the policy ID that is appropriate for the intended purpose.
  - Use the cct command, which is described in createCertificate, to create a certificate for the user. Use the -certlocation parameter to specify the location that is appropriate for the intended purpose.
  - Use the sctp command, which is described in setCertProtocol, to set the SNL protocol of the certificate to relaxed.
- An existing user:
  - Use the surc command, which is described in setupUserForRecovery, to set up the user for recovery. If necessary, use the -policy parameter to specify the policy ID that is appropriate for the intended purpose.
  - Use the rcct command, which is described in recoverCertificate, to recover the certificate for the user. Use the -certlocation parameter to specify the location that is appropriate for the intended purpose.
  - Use the sctp command, which is described in setCertProtocol, to set the SNL protocol of the certificate to relaxed.