Certificate Checkout¶
Checking out a certificate, can also be seen as simply exporting the certificate in the specified format and with some other options available, depending on the certificate itself.
TrustView has a specific set of checkout formats, which may differ depending on whether it is a SSL certificate or OCES certificate that is being checked-out. SSL certificates has more checkout formats available in TrustView, because a wider range of formats is often required, compared to OCES certificates.
Important
To be able to checkout a certificate from TrustView with the private key, TrustView must have it stored (and if stored, the private key will always be stored encrypted in the database). If the certificate is ordered with the CSR (Certificate Signing Request) method without a private key, the private key can be manually added later.
Note
If you are in need of other checkout formats, contact our , and we may be able to add them, but it would also be possible to convert the format on your own, with a tool such as OpenSSL.
Checkout formats (with private key)¶
PFX and PKCS12¶
PKCS12 is also known as PFX and can be used interchangeably. This format contains private keys, public keys and X.509 certificates.
It stores them in a binary format. The standard extension for this format is .pfx or .p12.
PEM¶
This format contains private keys, public keys and X.509 certificates. It is the default format for OpenSSL.
It stores the data in either ASN.1 or DER format, surrounded by ASCII headers, so it is suitable for sending files as text between systems.
A file can contain multiple certificates. The standard extension is .pem.
JKS¶
A JKS file is an encrypted security file used to store a set of cryptographic keys or certificates in the binary Java KeyStore format. The standard extension is .jks.
DER¶
This format contains private keys, public keys and X.509 certificates. It is headerless and is the default format for most browsers.
A file can contain only one certificate. Optionally, the certificate can be encrypted. The standard extension is .cer or .der.
Checkout formats (without private key)¶
PEM¶
Same as above, but does not contain any private keys.
DER¶
Same as above, but does not contain any private keys.
PKCS7¶
This is the Cryptographic Message Syntax Standard. A file can contain multiple certificates. Optionally, they can be hashed.
This format does not contain a private key. As well as the original PKCS #7, there are three revisions: a, b, and c.
The standard extensions for these four versions are .spc, .p7a, .p7b and .p7c respectively.
Certificate checkout process¶
History¶
The history provides an overview of each certificate checkout, with details such as the date and format of each checkout.
Download and manual distribution of password¶
If you want to download the certificate (in your preferred format) and manually distribute the password and certificate, choose this checkout option.
Important
Before pressing Perform checkout you have to remember or save the password in a text file, since it will not be
downloaded like the certificate file.
Send certificate using e-mail and password using SMS¶
If you want to send the certificate (in your preferred format) via e-mail and send the password via SMS, choose this checkout option.
Note
When pressing Perform checkout the certificate will be sent to the specified e-mail
and the password will be sent via SMS, to the number specified.
Send certificate using e-mail and password in a separate e-mail¶
If you want to send the certificate (in your preferred format) and send the password in a separate e-mail, choose this checkout option.
Note
When pressing Perform checkout the certificate and password will be sent to the specified e-mails, in separate e-mails. Be mindful of that the password will be displayed in clear text.
Checkout of public key¶
Here you can choose to download the public key associated with the certificate or have it sent via a specified e-mail. When checking out a public key, no private key is included in any of the checkout formats.
