Skip to main content
Skip table of contents

Issue a New PKCS#12 Keystore for an SSL Server

The following covers how to issue a PKCS#12 keystore suitable for SSL/TLS servers, such as web servers.

Before you begin, you should previously have created a certificate profile and end entity profile for SSL servers. For more information, see:

To request a certificate:

  1. Access EJBCA RA Web and click Make new request.
  2. In the Certificate Type field, select SSLServerEndEntityProfile.
  3. Under Certificate subtype, you should not be able to choose anything but the default SSLServerCertificateProfile.
  4. Under CA, you should not be able to choose anything but the default ManagementCA.
  5. Select the Key-pair generation option By the CA.
  6. In Key algorithm, select RSA 2048 bits.
  7. In CN, Common Name, enter
  8. In DNS Name, enter
  9. At Username, enter
  10. At Enrollment code, enter a password.  This will be the same password that is used to protect the certificate once downloaded.
  11. Click Download PKCS#12 to download and save the newly created certificate file.

A new certificate is generated and downloaded to your desktop.

To view the certificate, import the P12 certificate file by double-clicking it.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.