EJBCA - Open Source PKI Certificate Authority
Search ejbca.org for:
PrimeKey Support, Development and Maintenance services

Certificate Authority enrollment

Certificate authorities create, verify, renew, revoke, and reissue certificates. We are now using the Enterprise Java Bean Certificate Authority (EJBCA) via a secure (https) SSL connection.

Because we wish to tightly control who gets a SensorNet certificate, you will receive an invitation to get a SensorNet certificate. This will come by e-mail or surface mail.

It is vital that you import your certificate on a properly secured computer.

This means up-to date security patches, anti-virus, and anti-pest programs. Otherwise, your private key will be at risk, and security will be compromised. We strongly recommend that you use Firefox, Firefox, or Netscape 7.x because they handle certificates much better than Internet Explorer and have many fewer security holes.


Open the URL in your mail message to see the screen in Figure 1.

Click the for your browser link and enter the username and password that were in your e-mail (Figure 2), and click OK to generate your key pair.

Enrollment form

Generating key pair

When the key generation is finished, in Firefox, you are done. Do not press the OK Button a second time! Firefox may ask you to create a password to protect your key store. Choose a good password (at least 8 characters containing letters, numbers, special characters and no dictionary words) and remember it. You will have to supply this password whenever the certificate is used. Firefox uses this same password to protect other sensitive information you ask the browser to save, such as site passwords. Now learn to manage your certificates in Firefox.

Microsoft Internet Explorer

if you used Internet Explorer (IE), the situation is different (Figure 4). Be sure to choose the Microsoft enhanced Cryptographic Provider v1.0 in the drop-down box. When you click OK, the "Creating a new RSA exchange key" pop-up will appear. It is essential that you press the "Set Security Level" button. Otherwise, your private key will not be protected by a password. Be sure to choose the High security level.

Saving a new certificate in Internet Explorer

You will then be asked for a password to protect your certificate and then make sure that the "Creating a new Exchange key" dialog shows that the protection level is set to High (Figure 5). If you have XP Service Pack 2, several warning pop-ups may appear about allowing untrusted sites to install certificates. You trust us, so check OK if they appear.

The security level is now high

The import process is now complete (Figure 6).

IE import successful