Manage certificates

Use the Certificates pane of the User Account page to manage user certificates.

The following topics provide how-to instructions for managing certificates:

Generate a partner PGP key

Use the following procedure to generate a partner PGP key.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. Click Partner Certificates sub-tab.
  6. The Partner Certificates options are displayed.
  7. Click Generate to generate a partner PGP key.
  8. The Generate Certificate dialog box is displayed.
  9. Fill in the fields in the Generate Certificate dialog box and click Generate.
  10. The Save PGP keypair file dialog box is displayed.
  11. Enter the password in the Password field and enter it again in the Confirm Password field.
  12. Click Continue.
  13. You are prompted to open or save the PGP ASCII-Armored (.asc) file. This file contains both the public and private keys.
  14. Save a copy of the PGP file and send it to the account user so they can transfer files successfully with PGP encryption.
  15. The certificate is added to the partner certificates for the user. Only the public key is stored.

Import a partner PGP key

Use the following procedure to import a partner PGP key.

  1. On the Partner Certificates sub-tab, click Import.
  2. The Import Certificate/Key dialog box is displayed.
  3. Select PGP key, fill in the Alias field, and select the appropriate radio button to Import certificate from file or Paste certificate in space below.
  4. The value you specify in the Alias field cannot exceed 50 characters in length.
  5. As required, enter the name of the .asc file, browse to it, or paste the PGP public key block into the text field.
  6. Click Import.
  7. The certificate is added to the partner certificates for the user. Only the public key is stored.
Note The PGP keys imported for use with an account must specify signing algorithms.

Delete a partner PGP key

Use the following procedure to delete a partner PGP key.

  1. On the Partner Certificates sub-tab, select the check boxes for the certificates to delete.
  2. Click Delete.

Export a PGP public key

Use the following procedure to export a PGP public key.

  1. On the Partner Certificates sub-tab, click the certificate you want to export.
  2. The View Certificate dialog box is displayed.
  3. Click Export.
  4. Save the .asc file with the public key.

View a login certificate

SecureTransport uses login certificates when the respective (currently active) account logs in to a SecureTransport Server using a certificate or SSH Key.

You can view, generate, import and delete login certificates for the active account from the Login Certificates tab.

Note SecureTransport generates only X509 login certificates, but you are allowed to import both X509 and SSH Key certificates.
  1. Select Accounts > User Accounts.
  2. Click the name of the account for which you want to view the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. The list of login certificates for the selected account is displayed.
  6. Click the View link for the certificate you want to view.
  7. Certificate information for the certificate you selected is displayed in a View Certificate dialog box.

Export a login certificate

Use the following procedure to export a login certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. The list of login certificates for the selected account is displayed.
  6. Click the name of the certificate you want to view.
  7. Certificate information for the certificate you selected is displayed in a View Certificate dialog box.
  8. Click Export or Export as SSH Public Key, as desired.
  9. When prompted, save the file containing the key on your file system.

Generate a login certificate

Use the following procedure to generate a login certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to add the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. The list of login certificates for the selected account is displayed.
  6. Click Generate. The Generate Certificate dialog box is displayed.
  7. Type the necessary information in the Generate Certificate dialog box, and then click Generate.
  8. Validity in days and Common Name (CN) are required fields.

Import an X509 login certificate

Before the user attempts to log in using an imported certificate, ensure that the CA referenced in the certificate is include in the trusted CAs for the SecureTransport server. For details, see Manage trusted CAs.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to import the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. The list of login certificates for the selected account is displayed.
  6. Click Import.
  7. The Import Certificate/Key dialog box is displayed.
  8. Select X509 Certificate.
  9. Type the necessary information in the Import Certificate/Key dialog box.
  10. Paste the certificate content directly in the provided space, or import the certificate from a file. To import from file, type the file path or click Browse to browse for the file.
  11. Click Import.
Note Login X509 certificates must be unique.

Import an SSH login public key

Note SecureTransport supports the use of both DSA and RSA SSH keys as SSH login public keys.

Use the following procedure to import an SSH login public key.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to import the certificate. The User Account Settings page is displayed with details for the selected account.
  3. Click the Certificates tab. The list of login certificates for the selected account is displayed.
  4. Click Import.
  5. The Import Certificate/Key dialog box is displayed.
  6. Select SSH Key.
  7. Type the necessary information in the Import Certificate/Key dialog box.
  8. Validity in days is a required fields.
  9. Note CA Key Password and Common Name (CN) are not a required fields. When a SSH key is imported (without providing the internal CA key password), the key will be stored as X.509 certificate and signed with temporarily generated certificate. As a result, the SSH key will be stored as X.509 self-signed certificated.
  10. Paste the SSH public key directly in the provided space, or import the SSH public key from a file. To import from file, type the file path or click Browse to browse for the file containing the key.
  11. Click Import.
Note The SSH login public key may not be unique.

Delete a login certificate

Use the following procedure to delete a login certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab.
  5. The list of login certificates for the selected account is displayed.
  6. Select the check box next to the certificate you want to delete, and then click Delete.
  7. Click OK to confirm the deletion of the certificate. Otherwise, click Cancel. If OK is clicked, the selected certificate will be deleted and cannot be recovered.

View a partner certificate

SecureTransport uses partner certificates as public certificates for encrypting PGP and AS2 data to the respective account and for verification of the signature of data from the account.

You can view, generate, import and delete partner certificates for the active account from the Partner Certificates tab page.

  1. Select Accounts > User Accounts.
  2. Click the name of the account for which you want to view the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Click the alias name of the partner certificate you want to view.
  7. Partner certificate information is displayed in the View Certificate dialog box.
Note SecureTransport generates and imports X509, PGP, and SSH partner certificates.

Export a partner certificate

Use the following procedure to export a partner certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Click the name of the certificate you want to export.
  7. Partner certificate information is displayed in the View Certificate dialog box.
  8. Click Export.
  9. When prompted, save the file containing the key on your file system.

Generate an X509 partner certificate

Use the following procedure to generate an X509 partner certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to add the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Click Generate.
  7. The Generate Certificate dialog box is displayed.
  8. Select X509 Certificate.
  9. Type the necessary information in the Generate Certificate dialog box.
  10. Alias, Validity in days, and Common Name (CN) are required fields. The value you specify in the Alias field cannot exceed 50 characters in length.
  11. Click Generate.

Generate a PGP partner certificate

Use the following procedure generate a PGP partner certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to add the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Click Generate.
  7. The Generate Certificate dialog box is displayed.
  8. Select PGP Certificate.
  9. Type the necessary information in the Generate Certificate dialog box.
  10. Alias, Validity in days, and Full Name are required fields. The value you specify in the Alias field cannot exceed 50 characters in length.
  11. Click Generate.

Import an X509 or PGP partner certificate

Use the following procedure to import an X509 or PGP partner certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to import the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Click Import button.
  7. The Import Certificate/Key dialog box is displayed.
  8. Select the certificate type of the certificate you want to import: X509 or PGP.
  9. Type the necessary information in the Import Certificate/Key dialog box.
  10. Paste the certificate content directly in the provided space, or import the certificate from a file. To import from file, type the file path or click Browse to browse for the file.
  11. Click Import.
Note The PGP keys imported for use with an account must specify signing algorithms.

Delete one or more partner certificates

Use the following procedure to delete one or more partner certificates.

  1. Select Accounts > User Accounts. The User Accounts page is displayed.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Partner Certificates.
  5. A list of partner certificates for the selected account is displayed on the Partner Certificates page.
  6. Select the check box next to the certificate you want to delete, and then click Delete.
  7. Click OK to confirm the deletion of the certificate. Otherwise, click Cancel. If OK is clicked, the selected certificate will be deleted and cannot be recovered.

View a private certificate

SecureTransport uses private certificates to log in to remote transfer sites for this account, as well as for decrypting and signing PGP and AS2 data.

You can view, generate, import and delete private certificates for the active account from the Private Certificates page.

  1. Select Accounts > User Accounts.
  2. Click the name of the account for which you want to view the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click the name of the certificate you want to view.
  7. Private certificate information is displayed in the View Certificate dialog box.

Export the SSH public key of an X509 private certificate

Use the following procedure to export the SSH public key of an X509 private certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click the name of the certificate you want to export.
  7. Private certificate information is displayed in the View Certificate dialog box.
  8. Click Export SSH Public Key.
  9. When prompted, save the file containing the key on your file system.
Note An SSH Key can be exported for each X509 certificate. In SecureTransport, all certificates are stored as X509 or PGP ones. Imported SSH Keys are also stored as X509 certificates.

Generate an X509 private certificate

Use the following procedure to generate an X509 certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to add the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click Generate.
  7. The Generate Certificate page is displayed.
  8. Select the X509 Certificate / SSH key radio button.
  9. Select either a Self-issued Certificate or a Certificate Signing Request (CSR).
  10. Note If you select Certificate Signing Request (CSR), the field below theSelf-issued Certificate option are disabled for editing.

  11. Depending on your choice, type the necessary information.
  12. Alias, Validity in days, and Common Name (CN) are required fields. The value you specify in the Alias field cannot exceed 50 characters in length.
  13. Click Generate.

Generate a PGP private certificate

Use the following procedure to generate a PGP private certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to add the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click Generate.
  7. The Generate Certificate page is displayed.
  8. Select the PGP Certificate radio button.
  9. Type the necessary information and click Generate.
  10. Alias, Validity in Days, and Full Name are required fields. The value you specify in the Alias field cannot exceed 50 characters in length.

Import an X509 or PGP private certificate

Use the following procedure to import an X509 or PGP private certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to import the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click Import.
  7. The Import Certificate/Key page is displayed.
    1. Select the type of the certificate you want to import: X509 or PGP.
    2. Type the certificate Alias. The value you specify in the Alias field cannot exceed 50 characters in length.
    3. Type the certificate Password, if one was specified during the certificate generation.
    4. Paste the certificate content directly in the provided space, or import the certificate from a file. To import from file, type the file path or click Browse to browse for the file.
  8. Click Import.
Note The PGP keys imported for use with an account must specify signing algorithms.

Import an SSH private certificate

Use the following procedure to import an SSH private certificate.

  1. Select Accounts > User Accounts.
  2. Click the name of the account where you want to import the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Click Import.
  7. The Import Certificate/Key page is displayed.
  8. Select the certificate type of the certificate you want to import: SSH Key.
  9. Type the CA Key Password specified during the certificate generation.
  10. Note CA Key Password is not a required field. When a SSH key is imported (without providing the internal CA key password), the key will be stored as X.509 certificate and signed with temporarily generated certificate. As a result, the SSH key will be stored as X.509 self-signed certificate.
  11. Type the information necessary to import the key.
  12. Alias and Validity in days are required fields. The value you specify in the Alias field cannot exceed 50 characters in length.
  13. Paste the certificate content directly in the provided space, or import the certificate from a file. To import from file, type the file path or click Browse to browse for the file.
  14. Click Import.

Delete private certificates

Use the following procedure to delete private certificates.

  1. Select Accounts > User Accounts.
  2. Click the name of the account containing the certificate.
  3. The User Account Settings page is displayed with details for the selected account.
  4. Click the Certificates tab, and then click Private Certificates.
  5. A list of private certificates for the selected account is displayed on the Private Certificates page.
  6. Select the check boxes next to the certificates you want to delete, and then click Delete.
  7. Click OK to confirm the deletion of the certificate. Otherwise, click Cancel. If OK is clicked, the selected certificate will be deleted and cannot be recovered.

Related Links