In an opened KeyStore window, select a key pair entry and invoke the contextual menu (usually by clicking the right mouse button). The following situations can occur:
If the contextual menu will display an active Sign Certificate by
<aliasForIssuer>
option, this means that a CA
Issuer was previously selected and you can proceed with the signing
operation by selecting the option.
If the contextual menu will display an inactive Sign Certificate by <...>
option, this usually means that no CA Issuer was previously selected.
In order to use this option you must first select a CA Issuer, using
the Select CA Issuer
option.
If the contextual menu will display an inactive Sign Certificate by
<aliasForIssuer>
option, this could also mean
that you accessed the contextual menu for the same key pair that was
previously selected as CA Issuer. This is a precaution measure to make
sure the user will not attempt to sign a generated CSR with the same
key pair that generated it.
The Sign Certificate by
<aliasForIssuer>
option is automatically
replicating in one step the effect of the following individual
actions:
Generate a CSR for a selected key pair;
Sign the previously generated CSR using another key pair and obtain a CA Reply;
Import the obtained CA Reply in the initial key pair used to generate the CSR.
The workflow of the Sign Certificate by
<aliasForIssuer>
action is the following:
After you select the Sign
Certificate by <aliasForIssuer>
option, you
will be prompted to enter the password for the private key associated
to the selected key pair entry if need be. If the password entered is
correct you may proceed to the next step.
After the key pair selected was unlocked, the certificate details from the CSR will be shown in a newly opened dialog requiring to provide a Serial Number and double checking the validity period. Additionally, when signing the CSR, certificate extensions can be added to the certificate.
After the second step was completed and the OK
button was pressed, a temporary, internal CA Reply will be created and
transparently imported in the selected key pair, thus the target Key
Pair will now contain a signed user Certificate and the issuer
Certificate as part of the Certificate Chain.