13.2. Usage

Signed requests must be submitted to the CA to be processed.
  1. Create a PKCS #10 certificate request using a tool like certutil.
  2. Copy the PKCS #10 ASCII output to a text file.
  3. Run the CMCEnroll command to sign the certificate request. If the input file is request34.txt, the agent's certificate is stored in the ~jsmith/.mozilla/firefox directory, the certificate common name for this CA is Certificate Manager Agents Cert, and the password for the certificate database is 1234pass, the command is as follows: 
    CMCEnroll -d "~jsmith/.mozilla/firefox" -n "Certificate Manager Agents Cert" -r "/export/requests/request34.txt" -p "1234pass"
    The output of this command is stored in a file with the same filename and .out appended to the filename.
  4. Submit the signed certificate through the CA end-entities page.
    1. Open the end-entities page.
    2. Select the CMC Enrollment profile form.
    3. Paste the content of the output file into the first text area of this form.
    4. Remove -----BEGIN NEW CERTIFICATE REQUEST----- and ----END NEW CERTIFICATE REQUEST----- from the pasted content.
    5. Select Certificate Type User Certificate, fill in the contact information, and submit the form.
  5. The certificate is immediately processed and returned since a signed request was sent and the CMCAuth plug-in was enabled.
  6. Use the agent page to search for the new certificate.