How to enroll a certificate using the WebRA

1. Log in to Horizon registration authority Interface

2. Access Request Certificate from the drawer: requestCertificate Request Certificate

Profile tab

3. Fill in all the mandatory fields

  • Certificate profile*(string select):
    The certificate profile will be used in order to build the next step of the enrollment.

If decentralized enrollment is enabled for the profile:

Either:

  • CSR*(string):
    The CSR in PEM format

  • Import a CSR file*(file):
    The CSR file

If centralized enrollment is enabled for the profile:

  • Key type*(string select):
    The key type will be used for the private key generation

In case of the definition of a password policy:

  • Password*(string):
    The password will be used for the PKCS#12 encryption

You must comply with the configured password policy.

4. Click on Next button.

Data tab

5. Fill in all the mandatory fields:

  • Subject*(string):
    Fill the subject fields of the certificate

  • Subject Alternatives Names*(string):
    Fill the Subject Alternative Names of the certificate

  • Extensions*(string):
    Fill the extensions of the certificate

In decentralized mode, CSR values will be used as default for the corresponding fields.

You must comply with the configured regular expression(s) that you can get with the ? icon.

6. Click on next button.

Labels tab

7. Fill in all the mandatory fields:

  • Labels*(string):
    The labels will be used for permission, email and certificate search.

You must comply with the configured regular expression(s) that you can get with the ? icon.

  • Requester comment (string):
    This comment appears:

    • to the approver when your request is in the pending status.

    • in the certificate info after the enrollment.

8. Click on next button.

Ownership tab

9. Fill in all the fields:

  • Owner (string input):
    Displayed if an owner policy is set. The owner of the certificate can search it, and request other actions on it (such as revoke, recover, ..).

  • Contact email address (string email format):
    Displayed if an email policy is set. An email can be sent each time the request status changes (see request lifecycle). This will also set the contact email of the certificate.

  • Team (string input):
    Displayed if a team policy is set. A team has the same rights as an owner on a certificate.

10. Click on next button.

Summary tab

If you own the enrolling permission

11. Click on enroll button
You can download the PKCS#12 after the enrollment if you are allowed to in the profile

If you own the request certificate permission

11. Click on request button
You have to wait until your request is approved, afterward you will be able to download the PKCS#12 if you are allowed to in the profile