Installing the ASP private key

The ASP should install the ASP leaf private key and certificate(s) into the software application that is used to access the TID platform. This installation process is specific to the software application used by the ASP.

Multiple applications require the private key and certificate (chain) to be formatted as a single PKCS #12 file. You can use OpenSSL to convert PEM files into a PKCS #12 file, depending on the ASP certificate option chosen:

  • Option 1: One key pair with self-signed certificate

    If you are using a self-signed leaf certificate, use the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -out asp.pfx

  • Option 2: Certificate chain with two levels of certificates

    If you are using a certificate chain with root and leaf certificates, use the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -certfile client_certs.pem -out asp.pfx

    where:

    • client_certs.pem is a file containing the root certificate.

  • Option 3: Certificate chain with three levels of certificates

    If you are using a certificate chain with root, intermediate and leaf certificates, use the following command:

    openssl pkcs12 -export -inkey asp_leaf_key.pem -in asp_leaf_crt.pem -certfile client_certs.pem -out asp.pfx

    where:

    • client_certs.pem is a file containing the intermediate certificate and root certificate.

    In the above commands, asp.pfx is a PKCS #12 file containing the ASP’s leaf private key and certificate chain.
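
As an added example (not part of the original instructions), the script below wraps the export for options 2 and 3 with two checks made before the PKCS #12 file is written: that the private key matches the leaf certificate, and that the leaf certificate actually chains to the certificates in client_certs.pem, which the -certfile option does not verify. The function names, the PFX_PASS environment variable and the throwaway demo chain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks around the PKCS #12 export (options 2 and 3).
# Assumption: the export passphrase is supplied in $PFX_PASS, so it never
# appears on the command line or in shell history.

key_matches_cert() {  # $1 = private key PEM, $2 = certificate PEM
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

build_pfx() {  # $1 = leaf key, $2 = leaf cert, $3 = client_certs.pem, $4 = output
  key_matches_cert "$1" "$2" || { echo "key does not match leaf cert" >&2; return 1; }
  # -certfile adds whatever certificates it is given, so check the chain first.
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
    { echo "leaf does not chain to $3" >&2; return 1; }
  ( umask 077  # the .pfx holds the private key: owner-only permissions
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
      -out "$4" -passout env:PFX_PASS )
}

pfx_cert_count() {  # number of certificates stored in the PKCS #12 file $1
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

make_demo_chain() {  # constructed throwaway root -> intermediate -> leaf in dir $1
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/demo.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/demo.cnf" -extensions ca \
    -subj "/CN=Demo Root" -keyout "$d/root_key.pem" -out "$d/root_crt.pem" -days 1 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=Demo Intermediate" -keyout "$d/int_key.pem" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root_crt.pem" -CAkey "$d/root_key.pem" -set_serial 2 \
    -days 1 -extfile "$d/demo.cnf" -extensions ca -out "$d/int_crt.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=Demo ASP Leaf" -keyout "$d/asp_leaf_key.pem" -out "$d/asp_leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/asp_leaf.csr" -CA "$d/int_crt.pem" -CAkey "$d/int_key.pem" \
    -set_serial 3 -days 1 -out "$d/asp_leaf_crt.pem" 2>/dev/null
  cat "$d/int_crt.pem" "$d/root_crt.pem" >"$d/client_certs.pem"
}
```

To try it without touching real key material, run make_demo_chain on a temporary directory, export PFX_PASS, and pass the generated files to build_pfx.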