Administration Guide › Set Up Encryption › About the DXcertgen Tool › Use DXcertgen to Request and Use a Third-party Certificate for a DSA Certificate

Use DXcertgen to Request and Use a Third-party Certificate for a DSA Certificate

By default, Dxcertgen creates a certificate and associated private key for each DSA and user. However, you can use Dxcertgen to request another Certificate Authority (CA) to create a certificate. You can then use DXcertgen to merge the DXcertgen private key with the CA-created certificate to create a DSA certificate and associated private key.

To Request and Use a Third-party Certificate for a DSA Certificate

1. Create a Certificate Signing Request (CSR). Use the following command:

   dxcertgen -D dsaname certreq
   

   Dxcertgen creates a private key to create the CSR.

   The command stores the CSR in DXHOME/config/ssld/dsaname.csr, and stores the private key in DXHOME/config/ssld/dsaname.key.

   Keep the private key, but send the CSR to the CA.

   Note: For the CA to sign the CSR, they might need additional information such as validity timeframes.

2. When the CA responds with a certificate, use the following command to merge this certificate with the private key that was used to create the CSR:

   dxcertgen -D dsaname -n ca_response_certfile certmerge
   

   DXcertgen stores the certificate and private key in DXHOME/config/ssld/personalities/dsaname.pem.

3. Add the certificate to the file trusted.pem. CA Directory trusts the certificate that you have created. You can use the following command to do this:

   dxcertgen -n ca_response_certfile importca
   

   Note: Use the file trusted.pem to contain root certificates only.