Generating certificates in CryptoHub
In this section, we will log in to CryptoHub, create an X.509 certificate container, generate a root CA, and issue a leaf certificate.

Log in to the CryptoHub web UI

1. Go to the hostname or IP address of the CryptoHub web UI in your browser.
2. Log in with your administrator users.

Create an X.509 certificate container

1. Go to PKI and CA > Certificate Management.
2. Select [ Add CA ].
3. In the X.509 Certificate Container creation dialog, configure the following settings:
   - Name: Windows Certificate Store
   - Host: None
   - Type: X.509
   - Owner group: Select the Windows Certificate Store role created for the service.

Generate a root CA certificate

1. Right-click the certificate container you created and select Add Certificate > New Certificate.
2. Configure the following Subject DN settings:
   - Preset: Classic
   - Common name: Root
3. Configure the following Basic Info settings:
   - Profile: Select Certificate Authority.
4. Select [ OK ].

Issue a leaf certificate

1. Right-click the root CA certificate and select Add Certificate > New Certificate.
2. Configure the following Subject DN settings:
   - Preset: Classic
   - Common name: Leaf
3. Configure the following Basic Info settings:
   - Leave the fields set to the default values.
4. Configure the following V3 Extensions settings:
   - Profile: Select TLS Client Certificate.
5. Select [ OK ].

Export the certificates

1. Right-click the root CA certificate and select Export > Certificate(s).
2. Change the encoding to PEM and select [ Browse ].
3. Specify a filename for web transfer (e.g., leaf_cert.pem) and select [ OK ].
4. Select [ OK ] to initiate the export.
5. When prompted, save the certificate file.
6. Repeat steps 1-5 for the leaf certificate.

Assign names to the private keys

1. Go to Key Management > Key Database.
2. Right-click the leaf key pair in the Keys section and select Edit.
3. Under Key Settings, enter "Leaf" in the Name field and select [ OK ] to save.
4. Right-click the root key pair in the Keys section and select Edit.
5. Under Key Settings, enter "Root" in the Name field and select [ OK ] to save.

Give the Windows Certificate Store role permissions to use the private keys

1. Go to Key Management > Key Database.
2. Right-click the leaf key pair in the Keys section and select Permission.
3. Select Service Windows Certificate Store in the dropdown menu and select [ Add ].
4. Grant the Use permission and select [ Save ].
5. Repeat steps 1-4 for the root key pair.
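
Before the exported PEM files are used anywhere, it is worth confirming that the leaf really chains to the root and carries the expected usage. The script below is an added example, not part of the original page or Futurex code. It assumes the file names root.pem and leaf.pem and that the TLS Client Certificate profile sets the clientAuth extended key usage, and it builds constructed stand-in certificates with OpenSSL so that it runs offline.

```shell
#!/bin/sh
# Added example, not Futurex code. Assumes the exports were saved as root.pem and
# leaf.pem and that the TLS Client Certificate profile sets the clientAuth EKU.

# check_export ROOT_PEM LEAF_PEM: returns 0 only if every check passes.
check_export() {
    root=$1; leaf=$2
    # The root must be marked as a CA (Certificate Authority profile).
    openssl x509 -in "$root" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: $root is not a CA certificate" >&2; return 1; }
    # The leaf must be signed by the root and be inside its validity period.
    openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 ||
        { echo "FAIL: $leaf does not chain to $root" >&2; return 1; }
    # The leaf must allow TLS client authentication and must not be a CA.
    text=$(openssl x509 -in "$leaf" -noout -text)
    echo "$text" | grep -q 'TLS Web Client Authentication' ||
        { echo "FAIL: $leaf lacks the clientAuth EKU" >&2; return 1; }
    if echo "$text" | grep -q 'CA:TRUE'; then
        echo "FAIL: $leaf is itself a CA" >&2; return 1
    fi
    echo "OK: $leaf chains to $root and allows TLS client authentication"
}

# make_sample DIR: constructed stand-ins (CN=Root, CN=Leaf) for the exported files.
make_sample() {
    d=$1
    cat >"$d/cfg" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/cfg" -extensions root_ext \
        -subj "/CN=Root" -days 1 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=Leaf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/cfg" -extensions leaf_ext -days 1 \
        -out "$d/leaf.pem" 2>/dev/null
}

# Demo on the constructed files; pass the paths of the real exports instead.
tmp=$(mktemp -d) && make_sample "$tmp" && check_export "$tmp/root.pem" "$tmp/leaf.pem"
```

For real exports, only `check_export` is needed; the private keys generated by `make_sample` exist solely to build the sample pair.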