11.3.7.4. Procedure – Signing CA certificates with external CAs

If you want to use an external CA to sign the certificate of a local CA, complete the following steps.

  1. Generate a private-public keypair and an associated certificate signing request (CSR) using the Generate button of the Certificates tab.

  2. Export this CSR into a file using the Export button.

  3. Have the CSR signed.

  4. If the CA approves your identity and signs the certificate, Import it to the PKI system of MS.

    Note

    Make sure the appropriate entity is selected (that is, the signed certificate to the proper CSR is imported) and the Import into selected object option is checked in.

  5. The certificate entity can now be distributed and used on your machines.