Issuing user certificates without user participation

The procedure for issuing a user certificate without user participation is identical to the procedure for issuing user certificates with user participation, up to Step 7.

  1. In the Certificate Manager dialog box, select File > Issue User Certificates. The Manage User Certificate Requests dialog box is displayed.
  2. In Add User, specify the new user’s name.
  3. Click Add. This adds the user name to Select User.
    To batch-process new users, repeat steps 2 and 3 to add as many new users as required before continuing.
  4. If necessary, select the user name in Select User.
  5. Click Next. This reconfigures the dialog box for specifying user information.

    User Name displays the name of the user selected in Step 4 and is not editable. To change the user name, click Prev to return to the previous dialog box.

  6. Fill in the necessary information to create a User Information File.
    The only required information items are the user name and email address. Everything else is optional.
    • Country is the two-letter code. For example, US for United States.
    • State, or province, or other governmental unit, is not abbreviated.
    • Locality is usually the city name.
    • Organization is the legal name of your organization.
    • Unit is any unit within the organization, and is user-defined.
    • Email is the user’s email address.
  7. Click Save User Information.
  8. Click Next. This reconfigures the Manage User Certificate Requests dialog box.
  9. Click Make Private Key. The Enter Password dialog box is displayed.
  10. In Please enter the password, specify the password to access the new user’s private key file.
  11. In Confirm Password, specify the same password. Make a note of this password! You must send it to the new user.
  12. Click Next.
    • If the first item states that the end-user modified information, then review the new information.
    • If the end-user made unacceptable changes, or if the second item specifies that the end-user did not create a public key, then click Quit. Then, notify the end-user to change it and resend the Certificate Request. When you receive the new information, repeat the steps.
  13. Click Next.
  14. Use Start Date or Days to specify a start date for the user certificate other than the default.
    The date can be expressed in mm/dd/yyyy format or as a specific number of days from the current date, such as 1000.
  15. In Expire Date or Days, specify the expiration date in mm/dd/yyyy format, or the number of days from the current date, such as 1000.
    You can accept the valid date range that is shown on the dialog box and not specify any date or days.
    Note: An expiration date, or number of days, is required. A user certificate can never outlive a CA certificate. If the expiration date is after the CA certificate's expiration date, then the user certificate is automatically set to expire one day before the CA certificate's expiration date.
  16. Click Create Certificate. This opens a dialog box for specifying the password that was created for this user.
  17. Specify the password and click OK.
    The Certificate Manager creates the user certificate and notifies you that the certificate has been created.
  18. Click Finished to add another user or Quit to exit the GUI.
    This creates two certificate files on the machine with the host server:
    • username-cert.der
    • enc-username-key.der

      username is the user ID that was provided for the certificate.

      These two certificate files are placed in the \server\certs\issued subdirectory of the directory where the host server is installed.

  19. Inform the new user of the password you specified in Step 11.
  20. Verify that the user certificate has been issued by clicking File > Refresh in the Certificate Manager dialog box.
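
The validity rules in steps 14 and 15 can be checked before a batch issue with the sketch below. It is an added example, not part of the original documentation and not the Certificate Manager's own code. The function names are hypothetical, the dates are constructed, and it assumes that an empty start field means the current date.

```python
from datetime import date, datetime, timedelta


def resolve_field(value, today):
    """Interpret a date field: mm/dd/yyyy, or a number of days from today."""
    value = value.strip()
    if value.isdigit():
        return today + timedelta(days=int(value))
    return datetime.strptime(value, "%m/%d/%Y").date()  # ValueError if malformed


def effective_validity(start_field, expire_field, ca_not_after, today=None):
    """Return (start, expire, clamped) for a planned user certificate.

    Hypothetical helper modelling steps 14-15; not the Certificate Manager's code.
    """
    today = today or date.today()
    if not expire_field.strip():
        raise ValueError("an expiration date or number of days is required")
    # Assumption: an empty start field means the current date.
    start = resolve_field(start_field, today) if start_field.strip() else today
    expire = resolve_field(expire_field, today)
    clamped = expire > ca_not_after
    if clamped:
        # Rule from the Note: expire one day before the CA certificate does.
        expire = ca_not_after - timedelta(days=1)
    if expire <= start:
        raise ValueError(f"empty validity window: {start} to {expire}")
    return start, expire, clamped


if __name__ == "__main__":
    # Constructed sample values, not taken from any real CA.
    today, ca_expiry = date(2024, 1, 1), date(2025, 6, 30)
    planned = [("alice", "", "1000"), ("bob", "02/01/2024", "12/31/2024"),
               ("carol", "07/01/2025", "1000")]
    for user, start_field, expire_field in planned:
        try:
            start, expire, clamped = effective_validity(
                start_field, expire_field, ca_expiry, today)
            note = " (shortened to fit the CA certificate)" if clamped else ""
            print(f"{user}: {start} to {expire}{note}")
        except ValueError as err:
            print(f"{user}: rejected, {err}")
```

A shortened lifetime means the user certificate expires earlier than the value entered in the dialog box, so renewal dates should be planned from the effective expiry rather than the requested one.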