Generate and sign a Policy Certificate
- Run the script AkentiCertificateManager.sh, then click New -->
Policy Certificate Generator or press Alt-1.
- The first window asks for the name of the resource for which
you are creating this use-condition and the location of the Policy
Definition server for the resource tree. The resource name is specified
as the resource tree name and a name relative to that base. You
can use the browse button next to the Resource field to show all the
roots. If you are unsure of the exact resource name, the browse button
next to the Resource field will cause the generator to query the Policy
Definition server and get a list of all the resources on that server.
The base URL can optionally be created using the Directory Builder.
Supported protocols: http, https, file. Clicking the Create button next
to the base URL field displays the Directory Builder pane. Select the
protocol, fill in the appropriate fields, click OK, and finally click
Next to continue.

- If this is for a root resource, then you must add a Certificate
Authority.

Here you must provide an X509 chain for the Certificate Authority and
at least one Identity Certificate Directory. Start by adding an X509
chain by clicking on the respective Add button.

Start by choosing a protocol (ldap, http, file) and enter the
appropriate information in the respective fields or, if the hint button
is enabled, you can use "hints" to fill in this information for you.

Here's an example of when the hint button is enabled and clicked. Next
you would click on CA in the list, then click OK.

Then select the directory where the CA's Identity Certificate is
located.

Next, we'll add an X509 identity directory. Optionally, you can also
add X509 CRL directories in the same fashion as you would add an X509
identity directory. Click on the respective Add button for X509 Identity
Directories; this will cause the Directory Builder to be displayed.
Select the protocol, fill in the appropriate fields, and click OK.

After entering the CA's information, click Add CA Info, then click Next
to continue.

- If a desired group is listed, you can click Next to continue.
Otherwise click Create Group. We'll start by adding a Use Condition
Issuer, then add a Use Condition Directory.

To add Use Condition Issuer(s), click the respective Add button, which
will display the Akenti Principal Panel. You can either manually enter
the information in the fields or click the Search button.

Start by choosing a protocol (ldap, http, file) and enter the
appropriate information in the respective fields or, if the hint button
is enabled, you can use "hints" to fill in this information for you.

Here's an example of when the hint button is enabled and clicked. Next
you would click on CA in the list, then click OK.

Then select the directory where the CA's Identity Certificate is located.

Next, we'll add a Use Condition directory. Click on the respective Add
button for UseCond Directories; this will cause the Directory Builder to
be displayed. Select the protocol, fill in the appropriate fields,
and click OK.

After you are satisfied with the entered information, click Apply
Changes, then click Next.

- These names are taken from the policy
certificate for the resource. If your name does not appear in the list,
you are not authorized to create use-conditions for this resource. In
this case you should contact the Akenti resource administrator. At the
end of the use-condition creation process, you will be asked for the
file that contains the private key for the identity that you chose and
the passphrase that was used to encrypt that file. You must select a
name from the list, even if there is only one item, and click Next.

- Adding Attribute Directories is only required if this is for a root
resource. If it's not a root resource, click Next to continue; otherwise
click Add. If you clicked Add, you will be prompted with the Directory
Builder. Select the protocol, fill in the appropriate fields, and click
OK, then Next.

- Select how long you would like this certificate to be valid from the
pull-down menu, then click Next.

- Enter the Cache Time, the amount of time in seconds for the
policy to be stored in cache memory, then click Next.

- Next, you are given a window that displays what you have done
and gives you a chance to go back and make changes.

- Click Next and you are presented with a window to select the
keyfile where your private key is stored, enter the passphrase with
which it is encrypted, and choose where you want to store the signed
certificate. You need to store this certificate someplace where it can
be accessed via a URL.

- After filling in all the fields click "sign and save".
- Once the certificate has been signed and saved, the generator
will go back to the first window to allow you to generate another
certificate. If you are done, click close.