4.4. Sending an Issued Certificate to the Requester

4.4. Sending an Issued Certificate to the Requester

When the CM has issued a certificate in response to a request, the user who requested it must receive a copy to install locally. Users install user certificates, such as agent certificates, in client software. Server administrators install servers certificates in the servers that they manage.

Depending on how the Certificate System is configured, an end user who requests a certificate might receive automatic email notification of the success of the request; this email message contains either the certificate itself or a URL from which the user can get the certificate.

If the system is not configured for automatic notification or if the requester is a server administrator, the issued certificate must be sent manually to the requester by the agent, or the requester must be directed to retrieve it from the CM's end entities page.

Figure 4.5, “A Newly Issued Certificate Page” shows a web page containing a new certificate. This is the page shown after the agent selects Approve this certificate request.

A Newly Issued Certificate Page
Figure 4.5. A Newly Issued Certificate Page

To copy and mail a new server certificate to the requester, do the following:

  1. Create a new email addressed to the requester.

  2. From the agent services window where the new certificate is displayed, copy only the base-64 encoded certificate, including the marker lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

  3. Paste the base-64 encoded certificate into the email message body, and send the message.

To deliver a new client certificate to the requester, note the serial number of the approved request, and do the following:

  1. Open to the agent services page, click List Requests in the left frame, enter the serial number for the approved request, and click Find.

  2. In the Request Queue form, click Details beside the relevant request. Right-click the certificate serial number, and choose Open Frame in New Window from the pop-up menu.

  3. In the new browser window containing the certificate, copy the URL from the location or address field.

  4. Create a new email message addressed to the requester.

  5. Paste the URL into the body of the message, along with instructions to for the requester to go to that URL and click the Import button at the bottom of the page to import the certificate.

Alternatively, include the URL for the agent services page in the email message along with the certificate serial number, and instruct the user to do following:

  1. Click the Retrieval tab. The List Certificates form should appear.

  2. Enter the serial number of the certificate in both serial number fields.

  3. Click Find.

  4. When the Search Results form appears, click Details.

  5. When the certificate appears, scroll down to the bottom of the form, and click Import Certificate.