User guide
Chapter 7: Setting and Use of the Interstage Certificate Environment
7-6
Using PKCS#12 Data
Use PKCS#12 data when a private Certification Authority is configured for a large-scale user and
certificates are batch-issued. Configure the environment using the following steps:
1.
Create an Interstage certificate environment owner group.
Refer to Setting up Access Permissions in the Interstage Certificate Environment
2. Configure the Interstage certificate environment.
Refer to Configuring the Interstage Certificate Environment with PKCS#12.
3. Make the settings for use of the certificate.
Refer to Configuring Certificate Settings.
Setting up Access Permissions in the Interstage Certificate
Environment
Before configuring the Interstage certificate environment, you need to create owner groups allowed to
access the Interstage certificate environment.
The Interstage certificate environment is configured by a superuser and accessible to effective users who
belong to a specific owner group.
Effective users are assigned depending on the service. Add effective users to owner groups by service.
Although you can create or modify an owner group using an OS tool, the steps below give an example of
creating an owner group using the command line.
1. Create an Interstage certificate environment owner group.
The example below shows a command for creating a group named "iscertg".
groupadd iscertg
2. Execute the useradd or usermod command to register an effective user in the "iscertg" group.
The example below shows a command for adding "nobody" to "iscertg".
usermod -G iscertg nobody
For details about the commands, refer to the manual of the operating system you are using.
Specify the owner group you created with the -g option of the scsmakeenv command when
configuring the Interstage certificate environment.