Installation of the ASP private key

The ASP needs to install the ASP leaf private key and certificate(s) into the software application that is used to access the TID platform. This installation process is specific to the software application used by the ASP.

Several applications require the private key and certificate (chain) to be formatted as a single PKCS #12 file. You can use OpenSSL to convert the PEM files into a PKCS #12 file. To do so, run the command for your ASP certificate option:

  • Option 1: Self-signed certificate

    If you are using a self-signed leaf certificate, run the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -out asp.pfx

  • Option 2: Two-level certificate chain

    If you are using a certificate chain with a root certificate and a leaf certificate, run the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -certfile client_certs.pem -out asp.pfx

    where:

    • client_certs.pem is a file that contains the root certificate.

  • Option 3: Three-level certificate chain

    If you are using a certificate chain with a root certificate, an intermediate certificate, and a leaf certificate, run the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -certfile client_certs.pem -out asp.pfx

    where:

    • client_certs.pem is a file that contains the intermediate certificate and the root certificate.

In each of these commands, asp.pfx is the resulting PKCS #12 file, which contains the ASP’s leaf private key and the certificate chain.
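
The script below is an added example, not part of the original documentation: it checks that the private key matches the leaf certificate and that client_certs.pem completes the chain, runs the export for the matching option, and counts the certificates in the result. The file names are the ones used above; the function names, the script name make_pfx.sh and the PFX_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: checks around the PKCS #12 export. File names follow the page;
# the function names and the PFX_PASS variable are assumptions of this sketch.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = private key PEM, $2 = certificate PEM
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if the certificates in $2 link the leaf $1 to a self-signed root.
# Every certificate in $2 is treated as trusted, so this tests that the file is
# complete, not that the root is one the TID platform accepts. With no $2
# (Option 1) the self-signed leaf is checked against itself.
chain_verifies() {  # $1 = leaf certificate, $2 = client_certs.pem (optional)
    openssl verify -CAfile "${2:-$1}" "$1" >/dev/null 2>&1
}

# Runs both checks, then the export command for the matching option. The export
# password is read from the exported variable PFX_PASS rather than from a
# command-line argument, which other local users could read in the process list.
build_pfx() {  # $1 = key, $2 = leaf cert, $3 = output .pfx, $4 = client_certs.pem (optional)
    key_matches_cert "$1" "$2" || { echo "private key does not match $2" >&2; return 1; }
    chain_verifies "$2" "$4" || { echo "${4:-$2} does not verify $2" >&2; return 1; }
    (
        umask 077  # the .pfx contains the private key: create it owner-only
        if [ -n "$4" ]; then
            openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$4" -out "$3" -passout env:PFX_PASS
        else
            openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS
        fi
    )
}

# Prints how many certificates the .pfx carries: 1, 2 or 3 for Options 1, 2, 3.
pfx_cert_count() {  # $1 = .pfx file
    openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS | grep -c 'BEGIN CERTIFICATE'
}

# Usage, with PFX_PASS exported: sh make_pfx.sh asp_leaf_key.pem asp_leaf_crt.pem asp.pfx [client_certs.pem]
if [ "$#" -ge 3 ]; then
    build_pfx "$@"
fi
```

A key mismatch or an incomplete client_certs.pem stops the script before any asp.pfx is written, so a broken bundle never reaches the client application.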