
Managing certificates and private key

When you create a private X.509 certificate and generate a private key for it, you must enter information about the certificate using the Generate Private Key dialog. This information is then stored in the certificate.

Name | Description
Common Name (CN) | Free-form description
Organization (O) | Free-form description
Organizational Unit (OU) | Free-form description
Locality (L) | City
State/Province (ST) | State abbreviation
Country (C) | Country abbreviation; US = United States
Password | Click "Click to Set", enter the password, and click Apply
Signature Algorithm | Selects the cryptographic Secure Hash Algorithm (SHA) used to generate the digital signature for the key. These are the available selections:
  • SHA2-512 — 512-bit hash function using 64-bit words (default)
  • SHA2-384 — 384-bit hash function using 64-bit words
  • SHA2-256 — 256-bit hash function using 32-bit words
  • SHA2-224 — 224-bit hash function using 32-bit words. This algorithm is not fully supported by some versions of Windows.
  • SHA1 — 160-bit hash function. This algorithm is no longer approved for most cryptographic uses.
Key Length | Selects the length, in bits, of the generated key. These are the available selections:
  • 2048 (default)
  • 1024
Validity (in days) | 365 (default)

When you create a PGP certificate and generate a private key for it, you must enter the following information, which is stored in the private certificate:

Name | Description
Identity | Free-form description
Pass Phrase | boomi
Key Algorithm | Selects the algorithm used to generate the key. These are the available selections:
  • DSA — Digital Signature Algorithm (default)
  • RSA — enables generation of an encrypted key
Key Length | Selects the length, in bits, of the generated key. These are the available selections:
  • 4096 (available only if Key Algorithm is set to RSA, in which case this selection is the default)
  • 2048 (available only if Key Algorithm is set to RSA)
  • 1024 (this is the only available selection if Key Algorithm is set to DSA)

Creating a certificate and generating a private key

To create a certificate and generate a private key, use the Create Component dialog and the Generate Private Key Wizard.

  1. On the Build page, click Create New.

  2. From the Create Component dialog, search for or select PGP Certificate or X.509 Certificate.

  3. Type a name for the certificate.

    The maximum length is 255 characters.

  4. Optional: If you do not want the certificate to be stored in the default folder, click the Folder icon and select the desired folder.

  5. Click Generate.

  6. In the Generate Private Key Wizard that appears, enter the required information for the X.509 or PGP certificate.

  7. Click OK.

    The X.509 or PGP certificate details are displayed on the tab.

    For an X.509 certificate, the generated Serial Number is a random integer in accordance with RFC 3280.

  8. Click Save to save and continue working or Save & Close to save and close your certificate.

If you have a private certificate for which you did not generate a private key at the time of the certificate’s creation, you can generate the private key later using the Generate Private Key Wizard.

Importing a certificate

To create a certificate by importing an existing certificate, use either the Import Certificate Wizard or the Import PGP Certificate Wizard.

  1. On the Build page, open an existing private or public certificate.

  2. To import a certificate, click Import.

    The Import Certificate Wizard or Import PGP Certificate Wizard opens.

  3. Click Choose a File and locate the private or public certificate file that you want to import.

    For a private X.509 certificate, you can import a chain of certificates. Those files have a file extension of .pfx or .p12. For a public X.509 certificate, you can manually concatenate a collection of certificates and import the .cer file.

    Note: Private X.509 certificates that you want to import must have an alias defined.

  4. Optional: Enter a pass phrase or password, if required.

  5. Click Finish.

    Note: Imported certificates are first passed through a virus scanner. The import results in an error if a virus is detected, and the certificate is rejected. If an error persists, contact Boomi Support.

    The certificate details are displayed on the tab.

  6. Click Save or Save & Close.

Exporting a public or private key

You can export a public key for a public certificate and give it to your trading partner (or other client application) so that they can encrypt the data that they send you. Exporting of both public and private keys is allowed only for private certificates.

  1. On the Build page, open an existing private or public certificate.

  2. If you opened a public or private certificate, click Export Public Cert.

    The file is downloaded.

  3. If you opened a private certificate, click Export Private Key.

    The file is downloaded.
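
After exporting a public X.509 certificate, you can confirm that it carries the Signature Algorithm and Key Length you intended before handing it to a trading partner. The script below is an added example, not Boomi code: it assumes the exported file is PEM-encoded and that the openssl CLI is installed. It flags SHA1 and SHA2-224 for the reasons given in the Signature Algorithm list, and flags keys shorter than 2048 bits, a threshold chosen as an assumption for this example.

```bash
#!/usr/bin/env bash
# Added example (not Boomi code). Assumes a PEM-encoded export and the openssl CLI.

# classify_params SIGALG KEYBITS
# Prints "OK" or "FLAGGED: <findings>"; returns 1 when anything is flagged.
classify_params() {
  local sigalg bits findings=""
  sigalg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  bits=$2
  case "$sigalg" in
    *sha1*)   findings="$findings sha1-signature" ;;        # no longer approved
    *sha224*) findings="$findings sha224-compatibility" ;;  # partial Windows support
  esac
  case "$bits" in
    ''|*[!0-9]*) findings="$findings unknown-key-length" ;;
    *) if [ "$bits" -lt 2048 ]; then findings="$findings key-under-2048-bits"; fi ;;
  esac
  if [ -n "$findings" ]; then
    echo "FLAGGED:$findings"
    return 1
  fi
  echo "OK"
}

# audit_cert FILE
# Reads the signature algorithm and public key size from the certificate,
# prints them with the verdict, and returns the verdict's status (2 = unreadable).
audit_cert() {
  local text sigalg bits verdict rc=0
  text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) \
    || { echo "ERROR: cannot parse $1"; return 2; }
  # The first "Signature Algorithm:" line is the one inside the signed body.
  sigalg=$(printf '%s\n' "$text" | awk -F': ' '/Signature Algorithm:/ {print $2; exit}')
  # Matches both "Public-Key: (2048 bit)" and "RSA Public-Key: (2048 bit)".
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  verdict=$(classify_params "$sigalg" "$bits") || rc=$?
  echo "sigalg=$sigalg bits=$bits $verdict"
  return "$rc"
}
```

Source the script and run `audit_cert exported_public_cert.pem` (a hypothetical file name); a non-zero exit status means the certificate should be regenerated with stronger selections.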

Changing an X.509 certificate’s password

You can change an X.509 certificate’s password, provided that you have its current credentials.

  1. Open an X.509 certificate.

  2. Click Change Certificate Password.

  3. In the Change Certificate Password dialog that appears, type the current password and then type the new password.

  4. Click OK and then click Save.
