How to generate a CA Service Desk R11.2 PKI certificate for use with other CA applications via web services.

Document ID : KB000026073
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The following set of steps will show how to create a CA Service Desk R11.2 PKI certificate, also known as a Public Key Infrastructure certificate, which allows a user to combine their digital signature with a public key to identify them. This certificate is used to allow computer users to show that they own the public keys they claim to. In other words, it is a security mechanism for public keys. A digital signature is required for the PKI certificate. This signature can either be made by an authority figure who assigns the certificates, the person whose identity is being confirmed, or even endorsers of the public key. With a PKI certificate generated, other CA applications (such as Portal, Service Delivery, DSM, etc.) can use this file within web services for authentication purposes and gain access to Service Desk features, such as ticket creation.

Solution:

GENERATING A PKI CERTIFICATE FROM SERVICE DESK:
Steps on how to create a valid PKCS #12 certificate for use with Service Desk

The following steps are to be executed from the primary Service Desk server and require USRD services to be recycled during the process.

- Log into CA Service Desk web interface as an administrator
In the administration tab, select Web Services Policy> Policies

A list of policies will be displayed, click on DEFAULT

Figure 1
Figure A

This will open the Access Policy Detail window for DEFAULT.

- Click on Edit

You will make 2 changes:

- Click on the Proxy Contact lookup and search for and select ServiceDesk
Make sure you check the Allow Impersonate box and save your changes.

- Recycle the CA Service Desk services.

Once services are back up, open a command prompt on the Service Desk server.

- Navigate to C:\Program files\CA\Service Desk\bin

- Run pdm_pki -p DEFAULT

A file called DEFAULT.p12 will be created under the bin directory.

YOU HAVE SUCCESSFULLY CREATED THE PKI CERTIFICATE