

Reconnect Private Keys

When you generate a self‑signed certificate using GENCERT, a public/private key pair is built and stored within the certificate. The private key always remains with the certificate unless the certificate is sent to a third party as a certificate request. When a GENREQ certificate request is sent to a third party, the returned certificate does not contain the private key, because private keys are not shipped as part of a certificate request.

To use a third‑party certificate, the private key must be re‑connected to the certificate. This happens automatically when a TSS ADD command is issued to re‑connect the third‑party certificate to the same user ID that has the (model) certificate. The private key of the original, self‑signed certificate is connected to the new certificate.

As long as the user ID is the same and the public key within the third‑party certificate matches the original certificate, the private key is connected.
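
An off-host pre-check of the two conditions above, added here as an illustration and not taken from the product documentation: it compares the SubjectPublicKeyInfo of the DER-encoded model certificate and returned certificate, plus the user ID. The function names, user IDs and toy certificates are constructed for the example; how Top Secret performs the comparison internally is not described on this page.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Decode one DER element; return (tag, value, offset just past it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def spki_sha256(cert_der):
    """SHA-256 over the encoded SubjectPublicKeyInfo of a DER X.509 certificate."""
    _, cert_body, _ = read_tlv(cert_der)     # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert_body)          # TBSCertificate ::= SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, _, end = read_tlv(tbs, pos)
        fields.append((tag, tbs[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:      # skip optional [0] version
        fields.pop(0)
    # remaining order: serial, sigAlg, issuer, validity, subject, SPKI
    return hashlib.sha256(fields[5][1]).hexdigest()

def can_reconnect(model_der, model_user, returned_der, add_user):  # hypothetical helper
    return model_user == add_user and spki_sha256(model_der) == spki_sha256(returned_der)

# --- constructed sample data: toy DER certificates with dummy keys and signatures ---
def tlv(tag, *parts):                        # minimal DER encoder for the samples
    body = b"".join(parts)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    octets = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + body

def toy_cert(issuer_cn, key_bytes):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
    key_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")), tlv(0x05))
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z"))
    spki = tlv(0x30, key_alg, tlv(0x03, b"\x00" + key_bytes))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              name(issuer_cn), validity, name(b"USER01"), spki)
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00" + b"\x5a" * 64))

MODEL = toy_cert(b"USER01", b"\x11" * 140)         # self-signed model certificate
RETURNED = toy_cert(b"Example CA", b"\x11" * 140)  # third-party reply, same public key
OTHER = toy_cert(b"Example CA", b"\x22" * 140)     # third-party reply, different key
```

`spki_sha256` also works on real certificates exported in DER form; a mismatch between the model and returned digests means the returned certificate was issued for a different key pair.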