How to use MS PKI to sign the certificate request issued by Xsuite
search cancel

How to use MS PKI to sign the certificate request issued by Xsuite


Article ID: 42197


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


This document provides a step by step description how to use the MS PKI which is available on Windows Server to actually sign the Certificate Request from Xsuite hence replacing the issued self signed certificate



Component: CAPAMX



1.  Create the CSR


Make sure the fields for Common Name and Alternate Subject Names basically reflect all the URLs used to access this Xsuite instance.

Note, there is no line break/carriage return at the end of the list of the Alternate Subject Names

2.  Download the CSR

3.  Download the newly created Private Key

4.  ... and protect the key with a password

5.  Access the MS PKI through the Web interface and submit the Certificate Signing Request

Select the CSR file to insert or copy and paste the file's contents in the larger text field.

Use "Web Server" as the Certificate Template


6.  Download the newly created certificate and certificate chain

7.  Download the CA certificate, CA certificate chain and latest base and delta CRL

8.  Join private key and the certificate to a single file


e.g. in a cmd submit

copy xsuite_KEY.key + xsuite_CERT.cer xsuite_KEY_CERT.cer


9.  Upload to the Xsuite instance in this order:


CA Bundles

Certificate Revocation List

The PKI Root Certificate

Certificate with Private Key (enter the previously given password to allow access to the key)

10.  Set the newly uploaded certificate

and reboot the box.


11.  Sign Xsuite Applets

12.  Import the MS PKI root certificate into the trusted CA store of your Browser or Xsuite Client

13.  Should you not run the Xsuite Client clear the JAVA and Browser cache before accessing the Xsuite with the newly signed JARs

Additional Information

Please also see the document "Certificates In Detail.pdf" available on the Xceedium Support Portal