Generate self-signed certificates

Use this procedure if you chose to create a self-signed certificate in step 2 of Set up certificates for a community.

This procedure generates, and associates with a community, either a single self-signed certificate for both encrypting and signing documents or two self-signed certificates (dual key), one for encrypting and one for signing.

  1. On the first certificate wizard page, select Create a self-signed certificate, and click Next.
  2. On the request certificate page, select:
    • Single key certificate if you want one certificate for both signing and encrypting documents.
    • Dual key certificate if you want two certificates, one for signing documents and another for encrypting documents.
  3. Select one of the following encryption key lengths from the key length drop-down list:
    • 512 – Normal encryption.
    • 1024 – Strong encryption.
    • 2048 – Very strong encryption (Default).
    • 3072 – Very strong encryption.
    • 4096 – Very strong encryption.
  4. For the validity period, either accept the default value of two years, or type the length of time you want the certificate to be valid in the validity period field. Select days, months or years from the drop-down list.
  5. Select one or more options to specify how the key will be used for this community. By default, all options are selected. You must select at least one of the following:
    • Signing (digitalSignature)
    • Non-repudiation (nonRepudiation)
    • Encryption (keyEncipherment)
  6. Click Next to review your certificate request.
  7. On this page you can review your selections for:
    • Key type (single key pair or dual key pair)
    • Key length
    • Key validity period
    • Key usage
  8. Review the information on the page. If you want to make any changes, click Back.
  9. Click Next to display the certificate details page.
  10. Optionally type a name for the certificate in the Name field. This name can help you identify the certificate in the display lists of the user interface. By default the system uses the community name as the certificate name.
  11. On this page you can select an option for making the certificate the default certificate. The options that are displayed vary depending on the usage that you selected for the certificate:
    • Make this the default signing certificate – Appears only if the certificate is used for digitalSignature or nonRepudiation, or both. If this option is displayed, it is selected by default.
    • Make this the default encryption certificate – Appears only if the certificate is used for keyEncipherment. If this option is displayed, it is selected by default.
    • Make this the default certificate for SSL client authentication – Appears only if the certificate is used for digitalSignature or nonRepudiation, or both. The community presents this certificate to a partner who requests client authentication to connect to an SSL server. See SSL authentication. If this option is displayed, it is not selected by default.
  12. If the option Send certificate exchange messages to partners is displayed, see Replace certificates automatically for information about CEM and SCX certificate exchanges. This option is displayed only if:
    • There is an A2 trading pickup correctly defined on the community.
    • The community is completely and correctly defined.
    • The community's default pickup allows certificate exchanges.
    • The partner with whom the community is trading has an A2 default delivery that allows certificate exchanges.
  13. Click Finish to generate the certificate. After the certificate is generated, the certificates page reappears and displays the new certificate.

Distribute certificate information

  • If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by email or some secure means. To distribute certificates to trading partners who also use Axway software (B2Bi, Interchange, Activator), export your certificate as part of your community. See Back up a community as a partner.
  • If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
  • Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical.
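
The fingerprint comparison in the last bullet can be scripted against a certificate exported to a file. This is an added example, not Axway code: the function names and sample bytes are constructed here, and the SHA-256 default is an assumption, so pass whichever digest algorithm your partner's display reports.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes standing in for an exported certificate's DER
# encoding (not a real certificate), plus the same bytes wrapped as PEM.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def cert_der_bytes(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file given as PEM or DER."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armour: treat the file as DER already
    # A fingerprint covers the DER bytes only, never the base64 text or headers.
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the certificate's DER bytes."""
    digest = hashlib.new(algorithm, cert_der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(reported: str) -> str:
    """Drop separators and case so '3A:5F', '3a 5f' and '3a5f' compare equal."""
    return re.sub(r"[\s:.-]", "", reported).lower()


def fingerprints_match(cert_file: bytes, reported: str, algorithm: str = "sha256") -> bool:
    """True only if the partner's reported value equals the full local digest."""
    local = normalize(fingerprint(cert_file, algorithm))
    # Exact equality on the whole digest: a truncated or partial value fails.
    return normalize(reported) == local


if __name__ == "__main__":
    print("SHA-256:", fingerprint(SAMPLE_PEM))
    print("match:", fingerprints_match(SAMPLE_DER, fingerprint(SAMPLE_PEM).lower()))
```

Hashing the PEM text instead of the decoded DER bytes is the usual cause of a false mismatch between two tools, which is why the file is decoded before hashing.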
