Procedures for Managing the Transport Key

You can generate either a TK and a Certificate Signing Request (CSR), or a TK and a self-signed certificate.

Option 1: Generate a Transport Key and Certificate Signing Request

1. Go to the Repositories Management page.

2. In the Certificate Authorities panel of the page, click Manage Transport Keys. The Transport Keys page appears:

   

3. For Storage Option, select either Software or Hardware.

   It is recommended that you use an HSM (the hardware option) for production environments. For test or lab environments where ActivID CMS is reinstalled several times with the same HSM, ActivID CMS deletes any previous TK present in the HSM the first time that it is started after the installation.

4. From the Key Length drop-down list, select a key length.

5. For Subject, enter a subject DN.

6. Click Generate key & CSR. The CSR is displayed as shown below:

   

   Important: Copy the CSR and paste it into a file. You need to keep this file as it will be required in order to update your transport key.

7. Use the CSR to generate a certificate on your CA, and save this certificate as a base64-encoded text file.

   Warning!  
   You must use a CA that accepts a base64 certificate request and is able to generate/output a certificate file from it. If you do not have this type of CA, or you prefer not to use a CA, then use Option 2 below to generate a Transport Key with a Self-Signed Certificate. .



8. Copy the .txt file content using a text editor (such as Notepad), and then close the window.

   

9. Paste the saved content into the Certificate box, and then click Save.

10. When the confirmation message appears, click Done.

Option 2: Generate a Transport Key and Self-Signed Certificate

1. Go to the Repositories Management page.

2. In the Certificate Authorities panel of the page, click Manage Transport Keys. The Transport Keys page appears:

   

3. For the Storage Option, select either Software or Hardware.

4. From the Key Length drop-down box, make a selection.

5. For Subject, enter a subject DN. .

6. Click Generate key & self-signed certificate.

   

7. Click Save.

8. When the confirmation message appears, click Done.

Before you can update a TK certificate, the CA must be installed, configured, and running. In addition, you must have already generated a Certificate Signing Request (CSR) in base64 format (see Option 1: Generate a Transport Key and Certificate Signing Request).

1. Go to the Repositories Management page.

2. In the Certificate Authorities panel of the page, click Manage Transport Keys. The Transport Keys page appears.

3. Click Update.

   

4. Download the certificate from your CA based on the CSR you previously generated (which must be in base64 format).

Important: You must use a CA that accepts a base64 certificate request and can generate/output a certificate file. If you do not have this type of CA, or you prefer not to use a CA, then use Option 2 above to generate a Transport Key with a Self-Signed Certificate.

5. Save the certificate as Transport.txt.

6. Open the file and copy its content.

   

7. Paste the content into the Certificate box, and then click Save.

8. When the confirmation message appears, click Done.

1. Go to the Repositories Management page.

2. In the Certificate Authorities section of the page, click Manage Transport Keys. The Transport Keys page appears:

   

3. Click Reset.

   

4. Click Delete.

5. When the confirmation message appears, click Continue.