Knowledge Base

The following tutorial is meant to walk you through the process of generating your client authentication certificate and decrypting the SMPB batch file from DigiCert ONE IOT Manager.

Process

1. Client Authentication Certificate
   • Generating Client Authentication certificate via Account Manager.
2. PKI Client Installation
   • Download and install PKI Client with local Admin rights.
3. Properly Formatted SMPB Batch Request
   • Requesting SMPB formatted batch
   • Decrypting the SMPB file

Client Authentication Certificate

1. Log in to Account Manager.
2. Navigate to “Access” then “Users” on the left pain.
3. Select the account you are logged in with. 
   
   
4. While viewing your User, scroll down to the “Client authentication certificates” section and select “Create client authentication certificate.” Configure your certificate and then select “Generate Certificate.”
   Please Note: The friendly name will be referenced by the system later. Make this easily identifiable. When the End Date has lapsed, the certificate will expire and a new one will need to be generated.
   
   
5. Copy your passcode that is displayed to a notepad for safe keeping and select "Download Certificate."

Configuring the PKI Client

1. Download the PKI Client and install it with local Admin permissions.
2. Search “PKI Client” from the Windows search.
3. After the Client launches and initializes, select “My Computer "and then “Import a certificate.” 
   
   
4. Browse for your previously downloaded Client Auth certificate and then provide the password that was saved in Notepad.
5. You will be presented with a prompt asking if you want to protect your certificate with a PIN. It is advisable to do so as this will protect your certificate from unauthorized access.
   
   Please Note: If this PIN is lost, a new certificate will need to be generated as resetting the PIN without the previous PIN is a destructive act on the PKI Client cert store.

Properly Formatted SMPB Batch Request

Requesting SMPB formatted batch

1. When requesting your batch select “Binary .CER (SMPB).” 
   
   
2. Select “Use Authentication certificate from my profile” and locate your certificate from the drop down. It will be the same friendly name you provided when generating the certificate. 
   
   
3. Decide on your Method to generate the certificates and then select “Start request.”
   
4. When the batch has been completed, download it by going to “Batch Jobs,” selecting your batch by name from the list and then selecting the blue download arrow.

Decrypting the SMPB batch

1. To decrypt the batch on a system with the Client Authentication certificate imported to the PKI Client, simply double click the downloaded SMPB file.
2. You will be presented with a window asking for a File location to save the decrypted zip file. Selecting "Continue" will present you with the PIN you set earlier when importing the Client Authentication certificate.
3. After successfully decrypting the file, you can now open the new zip file with Windows Explorer to view the contents.