Issue a new PKCS#12 keystore for an SSL server
This section will show you how to issue a PKCS#12 keystore suitable for SSL/TLS servers, such as web servers. You should previously have created the certificate profile and end entity profile for SSL servers in the sections above.
- Goto RA Functions -> Add End Entity. 
- Choose the end entity profile SSLServerEndEntityProfile. 
- At Username, enter testsrv.domain.com. 
- At Password, enter a password. 
- Under CN, Common Name, enter testsrv.domain.com. 
- And at DNS Name enter testsrv.domain.com. 
- Under Certificate Profile you should not be able to choose anything but the default SSLServerCertificateProfile. 
- Under CA you should not be able to choose anything but the default ManagementCA. 
- Under Token, choose P12. 
- Press Add. 
- Goto Public Web and then Create Keystore. 
- Enter the username, testsrv.domain.com, and password for the user you created, and press OK. 
- Choose Key length 1024. 
- Under Certificate Profile, you should not be able to choose anything but the default "SSLServerCertificateProfile" . 
- Press OK. 
A new certificate will be generated and downloaded to your desktop.
If you like, import the P12 file (double-click on it in Windows) to look at the certificate inside.