Check the Certificate's Format

To use the certificate and sign your screens, the public key certificate and private key files must be in the PEM format. Typically, a PEM formatted public key certificate file should contain one or more items in Base64 ASCII encoding, each with plain-text headers and footers (BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).

The recommended extension for the public key file is .crt and the private key file is .key.

If you are using a self-signed certificate, you can use its public key certificate file as is.

If you are using a certificate signed by an intermediate or root Certificate Authority (or, Issuer), you must ensure that each certificate in the chain is included in the public key certificate file you use for signing. If not all certificates are included, then open the missing issuer’s public key certificate file in a text editor, copy its content, and paste it into the signing public key certificate file as described in the following steps:

Procedure

  1. Open the certificate in a text editor.
  2. Copy the chain of issuer's certificates from the leaf at the top to the root at the bottom.
    Note: The order of certificates is important. The very first should be the leaf certificate (the one that will be used to sign screen and script files), then its issuer certificate, and complete chain up to the root certificate, which should be at the end of the file.
    For example, in the case of a chain consisting of two certificates, the leaf certificate (used to sign screen files) and its issuer (the root CA certificate), the file content would look like this:
    -----BEGIN CERTIFICATE-----
Leaf_RzCCAy+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCVVMx
DjAMBgNVBAgMBVN0YXRlMREwDwYDVQQHDAhMb2NhdGlvbjEQMA4GA1UECgwHQ29
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root_+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCVVMx
DjAMBgNVBAgMBVN0YXRlMREwDwYDVQQHDAhMb2NhdGlvbjEQMA4GA1UECgwHQ29
-----END CERTIFICATE-----
  3. Open the certificate that you are going to use to sign your screens, and then paste the copied chain.
  4. Save and close the certificate.