- 14 Oct 2024
- 1 Minute to read
- DarkLight
- PDF
Installation of the ASP Private Key
- Updated on 14 Oct 2024
- 1 Minute to read
- DarkLight
- PDF
The ASP needs to install the ASP leaf private key and certificate(s) into the software application that is used to access the TID platform. This installation process is specific to the software application used by the ASP.
Several applications require the private key and certificate (chain) to be formatted as a single PKCS #12 file. You can use OpenSSL to convert the PEM files into a PKCS #12 file. To do so, run the command for your ASP certificate option:
Option 1: Self-signed certificate
If you are using a self-signed leaf certificate, run the following command:
openssl pkcs12 ‑export ‑inkey asp_leaf_key.pem ‑in asp_leaf_crt.pem ‑out asp.pfx
Option 2: Two-level certificate chain
If you are using a certificate chain with a root certificate and a leaf certificate, run the following command:
openssl pkcs12 ‑export ‑inkey asp_leaf_key.pem -in asp_leaf_crt.pem ‑certfile client_certs.pem ‑out asp.pfx
where:
client_certs.pem is a file that contains the root certificate.
Option 3: Three-level certificate chain
If you are using a certificate chain with a root certificate, an intermediate certificate, and a leaf certificate, run the following command:
openssl pkcs12 ‑export ‑inkey asp_leaf_key.pem ‑in asp_leaf_crt.pem ‑certfile client_certs.pem ‑out asp.pfx
where:
client_certs.pem is a file that contains the intermediate certificate and the root certificate.
In the described commands, asp.pfx is a PKCS #12 file that contains the ASP’s leaf private key and the certificate chain.