Generating trusted CA certificates from OpenPGP or SSH FTP keys

An OpenPGP public key contains a master key and one or more subkeys. You can create a Trusted CA Certificate from the public key information and use it to verify OpenPGP signatures and to encrypt data before it is sent to your trading partner. You can use an SSH FTP public key for public key authentication with the SSH FTP server (Cleo VLTrader and Cleo Harmony only).

To import an OpenPGP or SSH FTP public key and generate a Trusted CA certificate:
  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the tool bar.
  2. Import a key. Use one of the following methods.
    • Choose an OpenPGP Public Key file - Right-click the Trusted CAs store and select Generate > Trusted CA Certificate from OpenPGP Key.
    • Choose an SSH FTP Public Key file - Right-click the Trusted CAs store and select Generate > Trusted CA Certificate from SSH FTP Key.
  3. Enter the name of or navigate to the public key file and click Open.
    The Generate Certificate dialog box appears.
  4. Enter the required information. See User certificate reference for information about the fields.
    • User Alias - An arbitrary name for the certificate (for example, ACME).
    • Common Name - This value might be provided when importing the public key. Alternatively, enter a user name for client-style certificates or a fully qualified computer name (or registered IP address) for server-style certificates (for example, acme.com).
    • Email - This value might be provided when importing the public key. Otherwise, enter the trading partner administrator email address (for example, user@acme.com).
    • Organization Unit - This could be a company department (for example, Acme Purchasing or Acme Production).
    • Organization - Official company name (for example, Acme, Inc.).
    • City - Complete city name (for example, Loves Park).
    • State - State name (for example, IL).
    • Country - Two characters only (for example, US). This is available through a pull-down menu.
    • Valid For - If the chosen key does not have an expiration date, enter the number of months (1-96) the certificate should be valid for. If the chosen key has an expiration date, this field is not configurable.
  5. After all the required information is entered, click OK. After the certificate is created, it is added under Trusted CAs in the tree pane.
  6. For OpenPGP, you can view the embedded OpenPGP key fingerprint and usage in the Certificate Manager (using the right and/or bottom scroll bars, if necessary). Confirm the fingerprint shown matches the fingerprint provided by your trading partner. This ensures the public key has not been altered and the encrypted data you send can only be decrypted by your trading partner.
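
The fingerprint check in step 6 can also be done independently on the key file before import. The following is an added example, not Cleo code: it computes OpenPGP version 4 fingerprints (SHA-1 over 0x99, a two-octet length, and the key packet body) for the primary key and subkeys and compares the first with the value the partner sent. The function names are hypothetical, the sample key is constructed, and it assumes a binary (de-armored) version 4 key file and that the partner supplied the primary key fingerprint.

```python
import hashlib
import struct

def packets(data):  # yield (tag, body) for each packet of a binary (de-armored) key file
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, off = first, 2
            elif first < 224:
                length, off = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, off = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not expected in a key file")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported here")
            length, off = int.from_bytes(data[i + 1:i + 1 + (1 << ltype)], "big"), 1 + (1 << ltype)
        body = data[i + off:i + off + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        i += off + length

def key_fingerprints(data):
    """V4 fingerprints of the primary key (tag 6) and subkeys (tag 14), in file order."""
    keys = [body for tag, body in packets(data) if tag in (6, 14)]
    if any(body[:1] != b"\x04" for body in keys):
        raise ValueError("only version 4 keys are handled here")
    return [hashlib.sha1(b"\x99" + struct.pack(">H", len(b)) + b).hexdigest().upper() for b in keys]

def matches_partner(data, partner_fpr):
    """True if the first key's fingerprint equals the one the partner sent out of band."""
    want = "".join(partner_fpr.split()).replace(":", "").upper()
    if len(want) != 40 or set(want) - set("0123456789ABCDEF"):
        raise ValueError("need the full 40-hex-digit fingerprint, not a short key ID")
    return key_fingerprints(data)[:1] == [want]

# Constructed sample, not a real key: v4 RSA key bodies with toy MPIs
PRIMARY = b"\x04" + struct.pack(">I", 1700000000) + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
SUBKEY = b"\x04" + struct.pack(">I", 1700000001) + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
SAMPLE = (b"\x99" + struct.pack(">H", len(PRIMARY)) + PRIMARY   # old-format header, tag 6
          + b"\xcd\x04ACME" + bytes([0xCE, len(SUBKEY)]) + SUBKEY)  # new-format tags 13 and 14
```

An ASCII-armored key file can be converted to binary with `gpg --dearmor` before it is passed to these functions.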