Generate and sign an Attribute Certificate
If you have included any attributes in your use-conditions that are
not included in Identity Certificates (ones other than "o", "ou" and
"cn"), you will need to issue an Attribute Certificate for each person
who you want to have that attribute. For example, if you chose
group/my_friends, you need to issue an Attribute Certificate for each
person you want to be in the group my_friends.
- Run the script AkentiCertificateManager.sh, then click New
--> Attribute Certificate Generator or press Alt-3.
- The first window will ask for the name of the resource for which
you are creating this use-condition and the location of the Policy
Definition server for the resource tree. The resource name is specified
as the resource tree name and a name relative to that base. You
can use the browse button next to the Resource field
to show all the roots. If you are unsure of the exact resource name,
the browse button next to the Resource field will
cause the generator to query the Policy Definition server and get a
list of all the resources on that server. The base URL can
optionally be created using the Directory
Builder. Supported protocols: http, https, file.
Clicking the Create button next to the base URL field displays the
Directory Builder Pane. Select the protocol, fill in the appropriate
fields, click OK, and finally click Next to continue.

- On the next screen, the left window lists all the attributes
currently known to the resource server. Selecting a value here will
bring up a list of known values in the right text window. If no
Attributes are listed, you can type in the Attribute and Value in
their respective fields, then click Next to continue.

- After you have selected or entered an attribute and value and
clicked on "Next", you are asked to identify yourself as one of the
allowed attribute issuers.
Next the Akenti Principal Panel is displayed.
You can either manually enter the information in the fields or click
the Search button.

Start by choosing a protocol (ldap, http, file) and entering the
appropriate information in the corresponding fields, or, if the hint
button is enabled, you can use "hints" to fill in this information for
you.

Here's an example of when the hint button is enabled and clicked.
Next you would click on CA from the list, then click OK.

Then select the directory where the CA's Identity Certificate is located.

- From the pull-down menu, select how long you would like this
certificate to be valid, then click Next.

- Finally you are given a window that displays what you have done
and gives you a chance to go back and make changes.

- Click Next and you are presented with a window to select the
keyfile where your private key is stored, the passphrase with which it
is encrypted, and where you want to store the signed certificate. You
need to store this certificate someplace where it can be accessed via a
URL.

- After filling in all the fields click "sign and save".
- Once the certificate has been signed and saved, the generator
will go back to the first window to allow you to generate another
certificate. If you are done, click close.