PLEASE NOTE THAT YOU DON'T NEED TO DOWNLOAD A CERTIFICATE MANUALLY IF YOU'RE USING CISCO ANYCONNECT CLIENT.
The following section describes the configuration of CA trust, enrollment and installation process of external user certificate. Make sure to follow all the steps in the order as listed below to avoid problems.
Certificate deployment steps:
|Configuring the DPDHL External CA I3 trust|
PLEASE NOTE THAT YOU DON'T REQUIRE TO HAVE THE DPDHL External CA I3 TRUSTED IF YOU'RE USING CISCO ANYCONNECT CLIENT, HOWEVER, IT'S RECOMMENDED.
By default, the computers of the external parties do not have the certificate of the issuing certificate authority installed in its certificate store, therefore the external certificates are not trusted. Download the certificate of the DHL External CA below and install it by double-clicking the certificate open and following the steps below,
|DPDHL External CA I3||download|
To verify that the issuing root cerificate has been successfully installed, issue the following command from the command line:
certutil -viewstore -user root
The certificate enrollment and issuance is carried out by the https://extcms.dhl.com web enrollment process which requires authentication using the DHLEXTERNAL credentials.
After successful login, you can request to enroll for a new certificate.
Clicking "Request" commences the certificate generation process.The web enrollment process will prompt the user to trigger the certificate generation process.
In the next step the web enrollment process initiates generation of the private key and certificate signing request on the user's computer.
If the process is done successfully, user will be promted with this screen.
To verify that the external cerificate has been successfully installed, issue the following command from the command line:
certutil -viewstore -user my