Scribd
Upload
13 views

SSL Certificate Process

The document describes the process for submitting and approving certificate signing requests (CSRs) for DXC's PKI. It involves 4 main steps: 1) the requestor generates a CSR, 2) checks it for issues, 3) submits it through the appropriate certificate profile portal, and 4) a PKI administrator approves or rejects the request in the PKI manager system. Key details provided include how to generate, check, and submit CSRs, as well as the approval process performed by the PKI administrator.

Uploaded by

lovemi13
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
13 views

SSL Certificate Process

The document describes the process for submitting and approving certificate signing requests (CSRs) for DXC's PKI. It involves 4 main steps: 1) the requestor generates a CSR, 2) checks it for issues, 3) submits it through the appropriate certificate profile portal, and 4) a PKI administrator approves or rejects the request in the PKI manager system. Key details provided include how to generate, check, and submit CSRs, as well as the approval process performed by the PKI administrator.

Uploaded by

lovemi13
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

DXC Internal PKI-Manager

Submitting/approving certificate signing


requests (CSRs)
Overview:

1. Generating CSR(s) – performed by requestor


2. Checking CSR(s) – performed by requestor
3. Submitting CSR(s) – performed by requestor
4. Approving certificate request(s) – performed by PKI administrator

Generating CSR(s) – performed by requestor:

1. From the system in which the certificate is being requested, generate a CSR per the following
instructions:
a. For Wintel based systems:

Checking CSR(s) – performed by requestor:

1. Check your CSR for any issues via


https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
2. Correct any noted issues by regenerating a new CSR and checking it again.

3. Upon a successful check of your CSR, proceed to ‘Submitting CSRs’:

Submitting CSR(s) – performed by requestor:

1. Submit your CSR through the appropriate certificate profile (must use Internet Explorer):
a. DXC - SSZ - Domain Controller: https://pki.symauth.com/certificate-service?
ac=942289&pf=2.16.840.1.113733.1.16.1.3.1.2.1.357743863
b. DXC - SSZ - Member Server: https://pki.symauth.com/certificate-service?
ac=942289&pf=2.16.840.1.113733.1.16.1.5.3.1.1.357745802
c. DXC - SE - Domain Controller: https://pki.symauth.com/certificate-service?
ac=942289&pf=2.16.840.1.113733.1.16.1.3.1.2.1.357747790
d. DXC - SE - Member Server: https://pki.symauth.com/certificate-service?
ac=942289&pf=2.16.840.1.113733.1.16.1.5.3.1.1.357748808
2. The following is an example of submitting a checked CSR for a ‘DXC - SSZ - Member Server’
certificate:
a. Provide the DNS name of the system in which the certificate is being requested.
b. Provide any alternate names that are desired to be included in the Subject Alternative
Name (SAN) field of the certificate.
c. Provide the common name of the system in which the certificate is being requested
(usually the same as the DNS name)
d. For Member Server certificates, an additional Department (OU) field is provided for
certificate billing purposes. This field will become a required field soon.
e. Provide the email address where the certificate, once approved, will be sent to. Note,
this email address will also be used for SSL expiry notices as warranted.
f. Paste the contents of your .req file (CSR) into this field.

g. Click ‘Continue’ to submit your certificate request for approval.


Approving certificate request(s) – performed by PKI administrator:

1. Log in to the Symantec PKI manager via https://pki-manager.symauth.com/pki-manager/


a. A certificate request approver must 1) be a valid administrator within the PKI manager
and 2) have a valid PKI administrator client certificate available on their system.
2. Click the ‘Manager Users’ icon located in the bottom graphical navigation menu.
3. Search for the submitted certificate request:
a. Enrolled in: All Profiles (this account)
b. Search by: Seat ID
c. Enter criteria: Provide all or some of the common name of the submitted certificate
request.
d. Click Search. Results will be provided to the right of the search operations.
e. Click the item returned from the search operation.

f. Details of the submitted certificate request will then be shown. Click ‘Manage this
request’ to continue.
g. In the ‘View certificate request details’ pane, scroll down and locate the dropdown for
‘Approval status’.
h. Select ‘Approve’ to approve the certificate request. Select ‘Reject’ to reject the
certificate request.
i. Click ‘Save’ to continue.

j. Once approved, or rejected, a status email will be sent to the email address provided in
the originating certificate enrollment form. If approved, this email will include the
certificate and its issuing chain.

You might also like