TLS offloading
Apache Tomcat
Assign the key pair to a certificate and apply an issuance policy
You must complete the tasks in this section on the {{ch}} to enable the {{futurex}} PKCS #11 library to find the key pair you generated by using Java keytool in the previous section. This process involves creating a certificate object from the key pair and assigning it an issuance policy.

Create a certificate object

Perform the following steps to create a new certificate object from the key pair:

1. Log in to the {{ch}} under dual control with your administrator identities.
2. Go to PKI and CA > PKI Signing Approvals.
3. Select [ Add Approval Group ] at the bottom of the page or right-click the window background and select Add Approval Group.
4. Enter a name for the approval group and select [ OK ].
5. Right-click the new approval group and select Permission.
6. Select the Apache Tomcat role in the drop-down menu and select [ Add ]. Then, grant the role the Use permission and select [ Save ].
7. Go to PKI and CA > Certificate Management.
8. Select [ Add CA ] at the bottom of the page or right-click the window background and select Add CA.
9. Enter a name for the X.509 certificate container and change the owner group to the Apache Tomcat service role. Then, select [ OK ].
10. Right-click the new X.509 certificate container and select Add Certificate > From Private Key.
11. Select the private key you created by using Java keytool in the previous section and select [ OK ].
12. In the Subject DN tab, make the following changes:
    - Preset: Select Classic.
    - Common Name: Enter any name.
13. In the Basic Info tab, leave the fields set to the default values.
14. In the V3 Extensions tab, select the TLS Server Certificate profile.
15. Select [ OK ].

Apply an issuance policy

Perform the following steps to apply an issuance policy to the Apache Tomcat TLS certificate:

1. Right-click the Java jarsigner code signing certificate and select Issuance Policy > Add.
2. In the Basic Info tab, make the following changes:
    - Approvals: Select 0.
    - Allowed Hashes: Select all of the SHA hashes.
3. In the X.509 tab, make the following change:
    - Default Approval Group: Select the approval group you created.
4. In the Object Signing tab, make the following change:
    - Allow Object Signing: Select the checkbox to enable.
5. Select [ OK ].