If you have not already done so,
install and configure PKI Services as a self-signed
certificate authority (CA). |
Follow the instructions in Planning, Configuring your system for PKI Services, and Customizing PKI Services. |
Remember to store your PKI Services CA signing
key in Integrated Cryptographic Service Facility (ICSF). |
Establish PKI Services as an intermediate
certificate authority under the IdenTrust root. |
Follow the instructions in Establishing PKI Services as an intermediate CA and inAdministering security for PKI Services. |
Send your certificate request to
IdenTrust for signing. To do this, follow the IdenTrust instructions
in IT-PKI to request a certificate for a "Participant CA
Key Signing and CRL Signing Certificate Profile". |
Modify the PKI Services configuration
file (pkiserv.conf). |
Steps to modify pkiserv.conf for different certificate types |
Make sure your certificate
policies are in accordance with IT-PKI. |
|
Steps to modify pkiserv.conf general settings |
Make sure your changes are
in accordance with IT-PKI. |
Create IdenTrust specific certificate
templates in the PKI Services certificate
templates file (pkiserv.tmpl). |
Steps to create IdenTrust specific certificate templates |
Make sure your certificate templates
are in accordance with IT-PKI. |
Stop and restart PKI Services to activate
your changes. |
Follow the instructions in Starting and stopping PKI Services. |
|