Format a PKI Certificate Chain
To add a Smart Card identity provider, you must provide a name, the certificate chain, and specify the amount of time for Okta to consider the CRL valid after a successful download.
Steps
If you are using more than one certificate, follow this procedure to combine them into a single file.
- Convert DER-encoded root and intermediate certificates (with a .cer or .crt extension) into PEM format using the following openssl command: openssl x509 -inform der -in $input-cert-file-name -out $out-cert-file-name-with-pem-extension
- Concatenate all the PEM certificates into a single file, with the root certificate last, using the following command: cat $intermediate-cert-file-1 ... $intermediate-cert-file-N $root-cert-file-with-pem-extension > trust-chain.pem
  Important: Be sure the root certificate is last.
- Upload trust-chain.pem when creating the Smart Card Identity Provider and make sure that no other Smart Card IdPs exist.
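
The conversion and concatenation steps above as a shell script, with a check that the root really is last before you upload the file. This is an added example, not Okta's code; the function names are hypothetical, and the check compares subject and issuer names only (it does not verify signatures).

```shell
# to_pem IN OUT: write certificate IN to OUT as PEM; IN may be DER or PEM.
to_pem() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
    openssl x509 -in "$1" -out "$2"
  else
    openssl x509 -inform der -in "$1" -out "$2"
  fi
}

# build_chain OUT CERT...: convert every CERT and concatenate in the order
# given, so pass the intermediates first and the root last.
build_chain() (
  out=$1; shift
  tmp=$(mktemp) || exit 1
  : > "$out"
  for cert in "$@"; do
    to_pem "$cert" "$tmp" || { rm -f "$tmp"; exit 1; }
    cat "$tmp" >> "$out"
  done
  rm -f "$tmp"
)

# is_root FILE: true when the subject and issuer names match (self-issued).
is_root() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# check_chain FILE: succeed only if the last certificate in FILE is the root
# and no certificate before it is a root.
check_chain() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  # Split the bundle into 1.pem, 2.pem, ... in file order.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$1"
  n=$(ls "$dir" | wc -l | tr -d ' ')
  [ "$n" -gt 0 ] || { echo "no certificates in $1" >&2; exit 1; }
  i=1
  while [ "$i" -lt "$n" ]; do
    if is_root "$dir/$i.pem"; then
      echo "certificate $i is a root but is not last" >&2; exit 1
    fi
    i=$((i + 1))
  done
  is_root "$dir/$n.pem" || { echo "last certificate is not the root" >&2; exit 1; }
)
```

Run build_chain trust-chain.pem with your intermediate files followed by the root file, then check_chain trust-chain.pem; a non-zero exit status means the order is wrong.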