Certificate management in Linux environment

Creating a certificate signing request

If you are using Linux, you can generate a certificate request using the "openssl" command via a terminal.


1. First of all, prepare a location on your computer where you will store the certificate request created in the following steps, for this we recommend creating the directory "bapcrt". Navigate to this directory and generate the certificate request using the "openssl" command:

linux@PC$ openssl req -out request.csr -utf8 -new -newkey rsa:2048 -nodes -keyout certificate.key \
  -subj "/GN=Name/SN=Surname/CN=Name Surname" \
  -reqexts SAN \
  -config <(cat /etc/ssl/openssl.cnf \
        <(printf "\n[SAN]\nsubjectAltName=email:mail@email.com"))


2. Check available files:

linux@PC$ ls -l
total 8
-rwxrwxrwx 1 root root 1704 May 7 15:37 certificate.key
-rwxrwxrwx 1 root root 980 May 7 15:37 request.csr

Certificate download and installation

1. If you have not used the BAP system before and do not have the possibility to log in via the Electronic Government Gateway, please send the prepared "request.csr" file by email to the customs office when requested. You will receive a reply with the sertifikatas.crt file, which you should save in the "bapcrt" directory you created.

If you can log in to BAP using the authentication service provided by the Electronic Government Gateway, or if you have already used the BAP system in the past and you are able to login to it, click on the "+Add New" button in the "Profile" section, select the value "Certificate issued by the customs of the Republic of Lithuania - for connecting to customs portals and accessing customs system to system services." in the "Adding a new certificate" modal window, then click on the "Continue" button.

images/9e5f9d5d3c68ed6aaebade3cff08fd9b5bda2e7a1a246dc989413e2eb86e3afd.png

Picture 1. "Customs of Lithuania for authentication" selection


2. Bookmark the file "request.csr" in the "Generate Certificate" window and click on the "Generate Certificate" button.

images/79571b141b56fc3d59f12ba021593f96ff15c8381ee7fef20325f8f2c629daf6.png

Picture 2. Uploading the CSR file


3. Download the "sertifikatas.crt" file by clicking the "Download" button in the pop-up window or in the certificate data table. Move the downloaded file to the "bapcrt" directory.

images/aa564ccca8f74659ac095a68452054d662f579d7679acd6fb7dd411cbfea160c.png

Picture 3. Downloading the CRT file

Note

The certificate can also be downloaded from the "Profile" certificate list by selecting the row of the certificate entry in the list and clicking the "Download" button. For more information see "Generating and adding a certificate after logging into the portal".


4. Catalogue content:

linux@PC$$ ls -l
total 12
-rwxrwxrwx 1 root root 1704 May 7 15:37 certificate.key
-rwxrwxrwx 1 root root 980 May 7 15:37 request.csr
-rwxrwxrwx 1 root root 1127 May 7 15:41 sertifikatas.crt


5. Generate a PFX file from the certificate and key files. Create a password that will protect the private key.

linux@PC$:/mnt/d/bapcrt/linux$ openssl pkcs12 -export -out sertifikatas.pfx -inkey certificate.key -in sertifikatas.crt
Enter Export Password:
Verifying - Enter Export Password:


6. Check available files:

linux@PC$:/mnt/d/bapcrt/linux$ ls -l
total 16
-rwxrwxrwx 1 root root 1704 May 7 15:37 certificate.key
-rwxrwxrwx 1 root root 980 May 7 15:37 request.csr
-rwxrwxrwx 1 root root 1127 May 7 15:41 sertifikatas.crt
-rwxrwxrwx 1 root root 2389 May 7 15:43 sertifikatas.pfx

sertifikatas.pfx - a file that contains your certificate and its private key.


7. Importing a certificate for use on a Linux system is configured in the browser. Open your browser settings, locate the "Privacy & Security" section, select "Certificates" option and click "View Certificates".

images/d20f1beaae4ed9d6bd3661cbbbddc84cf449d6fc50c87a7cbcf63c4c55f6231d.png

Picture 4. "View Certificates" tab


8. In an opened window in the "Your Certificates" section, click "Import", specify your PFX file and the password you specified in step 3.

images/7e072f29f2eb8e908f524dc3dd74753583f90a2c44e9b10ca9cf7f601cfe7f4c.png

Picture 5. Certificate installation window


9. After the certificate has been uploaded successfully, you will see it in the list.

images/17385bbf34ea3af64de7c9b1dfaf870dcb399566140e59dd33a96ce748b13ae6.png

Picture 6. List of certificates

Preparing the certificate to work on another computer

To work on another computer, you need the PFX file that was generated in step 2 in the section "Download and install the certificate". Transfer this file to a new computer and continue with the steps in the installation instructions below.