Discuss this help topic in SecureBlackbox Forum

Generate certificate with pre-defined key

The need to generate a certificate from existing key material may arise, for instance, when you have to extend the validity period of a certificate while keeping its key unchanged. SecureBlackbox provides an option for re-using existing key material instead of generating a brand new keypair. Whether you need the associated private key depends on how the new certificate is signed: a self-signed certificate is signed with its own private key, so that key must be available, while a CA-signed certificate is signed with the CA's key and needs only the existing public key.

To re-generate a certificate and keep the same key:

  1. Load the existing certificate into a new TElX509CertificateEx object. This object is going to be a container for the new certificate.
  2. Set its PreserveKeyMaterial property to true.
  3. Set up the identity and validity properties and, optionally, configure the extensions.
  4. Perform a normal certificate generation procedure as described here (for a self-signed certificate) or here (for a CA-signed certificate).

If your key is located elsewhere:

  1. Create a brand new TElX509CertificateEx object.
  2. Load your key into the corresponding TElPublicKeyMaterial descendant (e.g., TElRSAKeyMaterial).
  3. Pass the key object to the certificate object's SetKeyMaterial() method. Although the key object is copied, do not destroy the original key object if it originates from external storage (system or PKCS11).
  4. Set the certificate object's PreserveKeyMaterial property to true.
  5. Set up the identity and validity properties and, optionally, configure the extensions.
  6. Perform a normal certificate generation procedure as described here (for a self-signed certificate) or here (for a CA-signed certificate).
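
The following is an added example, not SecureBlackbox code: it reproduces the self-signed renewal scenario with the openssl command-line tool and then checks that the renewed certificate carries the same public key as the old one. The same check can be run against certificates produced by any library. The file names, subject name and validity periods are constructed sample values.

```shell
#!/bin/sh
# Added example (not SecureBlackbox code): renew a self-signed certificate
# over an existing RSA key with the openssl CLI, then confirm the key was
# preserved. File names and the subject are constructed sample values.

# Generate a 2048-bit RSA private key into $1.
new_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null
}

# Issue a self-signed certificate for key $1, valid $2 days, into $3.
issue_self_signed() {
    openssl req -x509 -new -key "$1" -sha256 -days "$2" \
        -subj "/CN=renewal-demo.example" -out "$3"
}

# Print the SHA-256 of the certificate's DER SubjectPublicKeyInfo.
# Fails with no output if $1 is not a readable certificate.
spki_fingerprint() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if both certificates parse and carry the same public key.
same_key() {
    a=$(spki_fingerprint "$1") || return 1
    b=$(spki_fingerprint "$2") || return 1
    [ "$a" = "$b" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    new_key "$dir/key.pem"
    issue_self_signed "$dir/key.pem" 30 "$dir/old.pem"    # expiring cert
    issue_self_signed "$dir/key.pem" 365 "$dir/new.pem"   # renewal, same key
    openssl x509 -in "$dir/old.pem" -noout -enddate
    openssl x509 -in "$dir/new.pem" -noout -enddate
    if same_key "$dir/old.pem" "$dir/new.pem"; then
        echo "key preserved: $(spki_fingerprint "$dir/new.pem")"
    else
        echo "key changed" >&2
    fi
    rm -rf "$dir"
}

demo
```

Comparing the SubjectPublicKeyInfo hash rather than the whole certificate is what makes the check meaningful: the validity dates and signature change on renewal, while anything pinned to the key stays valid.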

Certificate-related How To articles
