Overview
This tool helps you generate cryptographic keys and certificate signing requests (CSRs), and process the responses once you receive them from Freja eID support.
You can download the tool by clicking here.
If you are using OpenSSL, we also have a step-by-step guide on that here.
General recommendations: This tool is intended to be used with a GUI. If you don't have one, we recommend using OpenSSL as mentioned above. While you are free to use this tool on your own desktop, we recommend you use it on the server where the generated key pairs and certificate will be used, in order to avoid copy/pasting them from your machine onto the server.
1. Starting the tool
To start the tool, open Terminal or Command Prompt in the folder in which the tool is located. Then run the following command:
java -jar RelyingPartySslCertTool-1.0-fat.jar
2. Selecting the environment
Choose the environment for which you want to generate the SSL certificate.
3. Menu
Next, a window will open with options to choose from.
- Generate Key and CSR: for generating a key pair and certificate signing request.
- Process Certification Response: if you already generated your key pair and CSR and you got the answer from Freja eID support.
- Test Connection: after processing the response from Freja eID support, this option is for testing the connection with the Freja eID server. The connection will be tested against the test or production server, based on the chosen environment.
4. Generating key and CSR
Enter information about your organisation into the fields. The key pair and certificate signing request will be generated based on that information.
- Country: the country your organisation operates in. (mandatory)
- Organisation name: legal name of the organisation, as registered with the company register of the country it operates in. (mandatory)
- Organisation identifier: company registration number, as registered with the company register of the country it operates in. (mandatory)
- Common name: function qualifier, if required. (optional)
- Organisational unit: internal organisational qualifier, if required. (optional)
- Keystore password: here you must set the password of the keystore in which your private key will be stored. (mandatory)
- Output directory: folder where the generated keystore and CSR will be stored. (mandatory) Default is the folder where the tool is placed.
Once you have entered the necessary data, click on 'Generate'.
This will generate a keystore (which contains the private key of your key pair) and an archived CSR in the chosen directory.
You will have to send the archived CSR to our partner support at [email protected]
5. Processing the response
When Freja eID support processes your CSR, you'll get an email with the following:
- Freja eID's offline root certificate;
- Freja eID's Issuing Certificate Authority;
- Freja eID certificate chain, which contains both the root and CA certificates;
- your relying party issued certificate.
Click on 'Unzip File' to unzip the file.
If you already unzipped the response from the email, click on 'Already Unzipped File' to process the certification response.
5.1 Unzipping the file
Select the zipped file that you got from Freja eID support and the location where you want to unzip it and click on 'Unzip File'.
The result of the operation is an unzipped file and you'll be redirected to a window for processing the certification response.
5.2 Process Certification Response
To process the certification response, you'll need to select the:
- client certificate file from the previously unzipped file;
- certificate chain;
- keystore which was generated in the 'Generate Key and CSR' step;
- password for that keystore.
All fields are mandatory.
When you click on 'Process Certification Response', the app checks whether the certificate can be chained with an existing certificate chain. If it can, the app stores the certificate in the keystore.
After that you'll be redirected to the window for testing the connection.
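The chain check from step 5.2 can be reproduced with OpenSSL before anything is imported into a keystore. The script below is an added example, not part of the tool or of Freja eID's own material. All certificates, names and file paths in it are constructed for the demo, and it assumes PEM-encoded files.

```shell
#!/bin/sh
# Added example. Every name, subject and file here is constructed for the demo;
# with a real response, pass the chain file and relying party certificate you received.

# chain_ok CHAIN_PEM CERT_PEM -> exit 0 only if CERT_PEM verifies up to a root in CHAIN_PEM
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issue NAME ISSUER EXTFILE -> writes NAME.key and NAME.pem (ISSUER "self" = self-signed)
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ "$2" = self ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -extfile "$3" -days 1 -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
            -extfile "$3" -days 1 -out "$1.pem" 2>/dev/null
    fi
}

work=$(mktemp -d) && cd "$work" || exit 1
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > leaf.ext

issue demo-root self ca.ext            # stands in for the offline root
issue demo-issuing demo-root ca.ext    # stands in for the issuing CA
issue demo-rp demo-issuing leaf.ext    # stands in for the relying party certificate
issue other-root self ca.ext           # unrelated CA, not part of the chain
issue stray-cert other-root leaf.ext   # certificate that must not chain

cat demo-root.pem demo-issuing.pem > chain.pem   # chain file: root + issuing CA

for cert in demo-rp.pem stray-cert.pem; do
    if chain_ok chain.pem "$cert"; then
        echo "$cert: chains to the supplied root, safe to import"
    else
        echo "$cert: does NOT chain, do not import"
    fi
done
```

Verifying against the root alone fails for the relying party certificate, which is why the chain file has to contain both the root and the issuing CA.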
6. Test Connection
Select your keystore and password to test the connection with the Freja eID server.
The app will know which server to call based on the environment you chose in the beginning.
If you would like to change environment, click 'Back'.