Each CSR on the flash drive or laptop Workbench computer needs to be signed by the private key of the root or an intermediate certificate. Although each server certificate CSR does not contain its private key, transportation to the Workbench computer on which the root and intermediate certificates are stored should be secure.
To ensure the security of your network, always sign certificates using a computer that is disconnected from the internet and
company network. It is recommended to maintain this computer in a secure physical location.
See Sign the server certificates using the intermediate certificates.
Sign the server certificates using the intermediate certificates
This procedure uses the Workbench tools and the intermediate certificates to sign server certificates.
-
Select .
The Certificate Signing dialog appears.
-
Click the browser icon, locate, and open the CSR for a server certificate. and click .
The Certificate Signing dialog expands to display the certificate details.
-
Confirm that this is the correct server certificate.
-
Select valid dates.
-
Select the intermediate or root certificate to use to sign the server certificate, type the root or intermediate certificate’s private key password for CA Password and click OK.
This generates a new certificate file with the extension of: .pem. This file contains only the public key associated with the certificate.
-
Save the signed certificate in the server certManagement folder.
-
Repeat this procedure for each server certificate.