Getting Started
The main window
The main SimpleAuthority window provides an overview of the "users" in your organisation and the validity of
certificates that have been issued to these users.
- The left-hand side of the window lists the users. These are the people or computer servers that use keys
and certificates.
- The top right-hand side contains information about the selected user. This information is contained in
any new certificates that are generated for that user.
- The bottom right-hand side lists certificates that have been issued to the selected user.
- The coloured circles represent the validity status of issued certificates.

Generating keys and certificates
To generate and issue keys and certificates:
- Generate a Certification Authority (CA) - the CA is used to sign
certificates for users. Normally you would only generate a new CA once for your organisation.
- Generate one or more users - Each user represents a person or computer
server that needs keys and certificates.
- Generate certificates - Generating a certificate (.cer) file includes generating the corresponding
identity (.p12) file and identity file password. The identity file includes the private key in addition
to the certificate.
- Distribute keys and certificates - The identity file and corresponding password must be sent to the user
securely. The best way to do this is to send these pieces of information separately, e.g. email the identity
file and SMS the password. The certificate file can be freely distributed.
File types
- PKCS#12 identity files (.p12 or .pfx) include both the user certificate and private key, and usually
also the CA certificate. These files are protected (encrypted) by a password.
- DER-encoded certificate files (.cer or .crt) include a single certificate only.
- PEM files (usually .pem) contain either a certificate or a private key. These files include
printable characters only and most of the file is base-64 encoded. Private key PEM files may or may not be
protected by a password.
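File extensions are only a convention, so before sending a file it helps to check from its contents whether it carries a private key. The following is an added example, not part of SimpleAuthority: a header-based heuristic for the three file types above, with hypothetical function and file names, constructed sample bytes, and anything unrecognised treated as sensitive.

```python
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_sequence_body(data):
    """Content bytes of an outer ASN.1 SEQUENCE, or None if data is not one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                      # short-form length
        return data[2:2 + first]
    if first == 0x80:                     # BER indefinite length (some .p12 writers)
        return data[2:]
    n = first & 0x7F                      # long form: n length bytes follow
    return data[2 + n:2 + n + int.from_bytes(data[2:2 + n], "big")]

def classify(data):
    """Return (kind, needs_secure_channel) for one file's raw bytes."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        keys = [(lbl, body) for lbl, body in blocks if lbl.endswith(b"PRIVATE KEY")]
        if not keys:
            kind = "pem-certificate" if blocks[0][0] == b"CERTIFICATE" else "pem-other"
            return (kind, False)
        # PKCS#8 uses its own label; traditional OpenSSL keys carry a Proc-Type header.
        protected = all(lbl == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
                        for lbl, body in keys)
        return ("pem-private-key-protected" if protected else "pem-private-key-unprotected", True)
    body = der_sequence_body(data)
    if body is not None and body[:3] == b"\x02\x01\x03":
        return ("pkcs12-identity", True)  # PFX begins with INTEGER version 3
    inner = der_sequence_body(body) if body else None
    if inner and inner[:1] in (b"\xa0", b"\x02"):
        return ("der-certificate", False) # tbsCertificate begins with version or serial
    return ("unknown", True)              # fail closed: treat as sensitive

# Constructed, truncated samples: only the leading bytes matter to the heuristic.
SAMPLES = {
    "alice.p12": bytes.fromhex("308209a1020103308209670609"),
    "alice.cer": bytes.fromhex("308203a53082028da003020102"),
    "alice-key.pem": b"-----BEGIN PRIVATE KEY-----\nTUlJ\n-----END PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        kind, secure = classify(data)
        print(f"{name}: {kind} -> {'send securely' if secure else 'may be distributed freely'}")
```

A password-protected identity or key file is still reported as needing a secure channel, since its protection is only as strong as the password that accompanies it.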
Using keys and certificates
Different applications require different configuration steps, but in general:
- Import the user identity file into the application (or Operating System) key store. This requires entry
of the identity file password.
- Import the CA certificate into the application (or Operating System) trusted CA key store, so that
certificates issued by this CA are trusted.
- (If necessary) Configure the application to select the key and certificate to use.
See Using Certificates for more details.