Client Certificate Generation Tool

Overview

This tool helps you generate cryptographic keys and certificate signing requests (CSRs), and process the responses once you receive them from Freja eID support.

Download the Client Certificate Generation tool by clicking here.

This tool is intended to be used with a GUI. If you don't have one, we recommend using OpenSSL mentioned above.

While you are free to use this tool on your own desktop, we recommend you use it on the server where the generated key pair and certificate will be used, so that you do not have to copy them from your machine onto the server.

If you are using OpenSSL, we also have a step-by-step guide for that process.

1. Starting the tool

To start the tool, open Terminal or Command Prompt in the folder in which the tool is located. Then run the following command:

java -jar RelyingPartySslCertTool-1.0-fat.jar

2. Selecting the environment

Choose the environment for which you want to generate the SSL certificate.

3. Menu

Next, a window will open with options to choose from.

  • Generate Key and CSR: for generating a key pair and certificate signing request.

  • Process Certification Response: for when you have already generated your key pair and CSR and have received the response from Freja support.

  • Test Connection: after processing the response from Freja support, this option is for testing the connection with the Freja server. The connection will be tested against the test or production server, based on the chosen environment.

4. Generating key and CSR

Enter information about your organisation into the fields. The key pair and certificate signing request will be generated based on that information.

  • Country: the country your organisation operates in. (mandatory)

  • Organisation name: legal name of the organisation, as registered with the company register of the country it operates in. (mandatory)

  • Organisation identifier: company registration number, as registered with the company register of the country it operates in. (mandatory)

  • Common name: function qualifier, if required. (optional)

  • Organisational unit: internal organisational qualifier, if required. (optional)

  • Keystore password: here you must set the password of the keystore in which your private key will be stored. (mandatory)

  • Output directory: folder where the generated keystore and CSR will be stored. (mandatory) Default is the folder where the tool is placed.

Once you have entered the necessary data, click on 'Generate'.

This will generate a keystore (which contains the private key of your key pair) and an archived CSR in the chosen directory.

You will have to send the archived CSR to our partner support at certificates@frejaeid.com.

5. Processing the response

Once Freja support has processed your CSR, you'll get an email with the following:

  • Freja's offline root certificate;

  • Freja's Issuing Certificate Authority;

  • Freja certificate chain, which contains both the root and CA certificates;

  • your Relying Party-issued certificate.

Click on 'Unzip File' to unzip the file.

If you already unzipped the response from the email, click on 'Already Unzipped File' to process the certification response.

5.1 Unzipping the file

Select the zipped file that you got from Freja support and the location where you want to unzip it and click on 'Unzip File'.

The file is unzipped and you are then redirected to the window for processing the certification response.

5.2 Process certification response

To process the certification response, you'll need to select the:

  • client certificate file from the previously unzipped file;

  • certificate chain;

  • keystore that was generated in the 'Generate Key and CSR' step;

  • password for that keystore.

All fields are mandatory.

When you click on 'Process Certification Response', the app checks whether the certificate can be chained with the existing certificate chain. If it can, the app stores the certificate in the keystore.

After that you'll be redirected to the window for testing the connection.
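
If you want to confirm the response independently, the following added example (not the tool's own code) checks that the issued certificate belongs to a private key in your keystore and chains to the root in the supplied chain file. The class name and argument order are assumptions, as are the certificate files being X.509 in PEM or DER form and the chain file holding one root and one issuing CA.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example, not the Freja tool's code.
// Run: java CheckResponse.java <keystore> <issued-cert> <chain-file>
public class CheckResponse {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        // Prompt instead of taking the password as an argument, so it stays out of shell history.
        char[] password = console.readPassword("Keystore password: ");
        // KeyStore.getInstance(File, char[]) detects JKS or PKCS#12 itself (Java 9+).
        KeyStore keystore = KeyStore.getInstance(new File(args[0]), password);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        X509Certificate issued;
        try (InputStream in = new FileInputStream(args[1])) {
            issued = (X509Certificate) factory.generateCertificate(in);
        }
        // Check 1: the issued certificate carries the public key of a key entry in the keystore.
        // Assumption: each private key entry is stored with a certificate for its public key.
        boolean keyMatches = false;
        byte[] issuedKey = issued.getPublicKey().getEncoded();
        for (String alias : Collections.list(keystore.aliases())) {
            Certificate stored = keystore.getCertificate(alias);
            if (keystore.isKeyEntry(alias) && stored != null
                    && Arrays.equals(stored.getPublicKey().getEncoded(), issuedKey)) {
                keyMatches = true;
            }
        }
        if (!keyMatches) throw new IllegalStateException("certificate does not match a key in the keystore");
        // Check 2: the issued certificate chains to the root in the supplied chain file.
        // Assumption: the file holds one self-signed root and one issuing CA, as the email describes.
        Set<TrustAnchor> anchors = new HashSet<>();
        List<X509Certificate> path = new ArrayList<>(List.of(issued));
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : factory.generateCertificates(in)) {
                X509Certificate cert = (X509Certificate) c;
                boolean selfIssued = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
                if (selfIssued) anchors.add(new TrustAnchor(cert, null)); // root
                else path.add(cert);                                      // issuing CA
            }
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline check: no CRL or OCSP lookups
        // validate() throws CertPathValidatorException if a signature, date or constraint fails.
        CertPathValidator.getInstance("PKIX").validate(factory.generateCertPath(path), params);
        System.out.println("OK: " + issued.getSubjectX500Principal() + " matches the keystore and chains to the root");
    }
}
```

Because the trust anchor is read from the same chain file, this confirms internal consistency of the response only; compare the root certificate's fingerprint with Freja through a separate channel before trusting it.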

6. Test Connection

Select your keystore and password to test the connection with the Freja server.

The app will know which server to call based on the environment you chose in the beginning.

If you would like to change environment, click 'Back'.