Search in this section

Skip to end of metadata
Go to start of metadata
Table of Contents

If you order a S/MIME certificate, the PrivateKey is created by the CA and can therefore be found in the systems of the certification authority at short notice. If, for security reasons, you want to create your own PrivateKey and use it when ordering, this is possible during the ordering process.
By using your own PrivateKey, you increase the security of the certificate, since nobody but you has ever received the Private Key. This is a simple method to further increase the security.  You will need to generate a special Key/CSR for S/MIME certificates.

Create your own private key / CSR

How to create the key on a Linux system using OpenSSL

  1. Create a PrivateKey. Set a password for the PrivateKey and confirm it.

    openssl genrsa -out my.key -des3 4096
  2. Create a CSR. Enter the password for the private key.

    openssl req -new -key my.key -out my.csr
  3. Follow the instructions until the CSR is created.

When ordering in the SSL Manager, you must now tick the box "Use private key / CSR". The rest of the order process works as usual. Use this CSR when retrieving the certificate from GlobalSign. The S/MIME certificate will now be signed to match your PrivateKey. If you use your own PrivateKey, the name entered in the Common Name (CN) is used for the certificate. Any different names that were entered when you ordered via the SSL Manager will be overwritten with the Common Name from your CSR at the CA.
Please make sure that the names are identical in order to avoid problems when issuing certificates. This is especially true for Personal Sign Class 2 Department certificates.

When ordering in the SSL Manager, you must now check the box "Use own PrivateKey/CSR". The rest of the order works as usual.

  • No labels