Generate a signing key on CryptoHub and create a certificate for use in ADSS signing profiles.Documentation Index
Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
Use this file to discover all available pages before exploring further.
Generate a signing key on the HSM
Generate a new key
Click New and configure the following:
| Setting | Value |
|---|---|
| Key Alias | A descriptive name (e.g., SigningKey) |
| Purpose | Select a purpose for the key |
| Crypto Profile | Select “CryptoHub” or the alias you set |
| Key Algorithm | Choose RSA or ECDSA |
| Key Length (and Curve Type if you selected ECDSA) | Choose a key length (and curve type if applicable) |
| Description (optional) | Add a description |
| Private key export settings | Choose whether the private key can be exported from the HSM as a PFX/PKCS#12 file |
Create a certificate using the CryptoHub key
Navigate to the Service Keys menu
In the ADSS Admin Console, return to the Key Manager > Service Keys menu.
Select the CryptoHub key
Select the key created in the previous step and click the Certificates button.
Create a CSR or self-signed certificate
You should see information about the CryptoHub key you selected. Click the Create CSR/Certificate button.
Configure the certificate details
Configure the required certificate fields (Certificate Template, Certificate Alias, Common Name, Organization, etc.) as required by your certificate policy.
Choose the certificate type
Select one of:
- Use External CA - This is the Certificate Signing Request (CSR) option. Submit to your CA for production use.
- Create Self-Signed Certificate — for testing and development environments
Generate the CSR or self-signed certificate
Click OK and follow the steps for the option you chose.If you chose CSR: You will see the PKCS#10 certificate request on the screen. Click Save As to download the CSR file, then submit it to your CA to issue the certificate. Once your CA returns the signed certificate, go back to the Certificate Manager, select the Pending certificate entry, and click Import Certificate. Browse to your signed certificate file and click OK to import it.If you chose self-signed certificate: You should see a message confirming the key pair was generated successfully. To apply the changes, restart the Unity Console manually via its GUI.
If you have not already imported your CA certificate in Trust Manager, you will see the message, “The certificate is not trusted - do you still want to import this certificate?” Please refer to Ascertia’s ADSS Trust Manager documentation for guidance on how to register Trust Authorities (TAs).
The certificate appears in the Certificate Manager with a Status of Active, associated with the CryptoHub-backed signing key.