FNMT certificate issuance
Overview
In this tutorial you learn how to issue a Fábrica Nacional de Moneda y Timbre (FNMT) certificate from the Redtrust admin console: from creating the request through to downloading and installing the certificate.
This tutorial is aimed at Redtrust administrators with the Add from CA (FNMT) permission assigned to their role.
By the end of this tutorial you will have an FNMT certificate issued, installed on the Redtrust server, and ready for use.
Redtrust generates and stores the private keys on the server; the FNMT is responsible for certificate issuance and identity validation. See FNMT integration for more information.
Before you begin
Make sure you have:
- A Redtrust license with the FNMT module enabled. To check, go to System > Unit > License and verify that FNMT appears under Available modules.
- The Add from CA (FNMT) permission assigned to your role (see Required permissions)
- The applicant's details for the chosen profile: NIF, first surname, CIF, email address, or pseudonym as required (see the FNMT certificate profiles reference)
Step 1: Create the enrollment request
Fill in the certificate details and submit the enrollment request to the FNMT from the admin console.
- Go to Certificates > Requests and select the FNMT tab.
- Click Issue certificate.
- Select the certificate profile and click Next.
- Fill in the form fields. The available fields depend on the selected profile. See the FNMT certificate profiles reference for the data required for each profile.
- Read and accept the FNMT legal conditions. Redtrust retrieves them automatically from the FNMT for the selected profile and operation.
- Select the certificate group or groups to which the certificate will be assigned.
- (Optional) Enable Backup copy if you want Redtrust to keep a copy of the certificate as a PFX file.
- (Optional) Assign an owner to the certificate.
- Click Apply.
Redtrust generates the private key, creates the certificate signing request (CSR), and sends it to the FNMT. The request appears in the requests list with a Pending status.
Redtrust automatically records your acceptance of the legal conditions together with a hash of the document. This record is stored as acceptance evidence.
Step 2: Verify identity with the FNMT
This step takes place outside Redtrust. The applicant must complete the identity verification process with the FNMT, which varies depending on the selected profile. Once complete, the FNMT makes the certificate available for download.
The time required to complete identity verification depends on the FNMT's procedure for the selected profile. The request remains in Pending status in Redtrust in the meantime.
Step 3: Download and link the certificate with its private key
When the applicant has completed verification with the FNMT, download and install the certificate in Redtrust.
- Go to Certificates > Requests > FNMT.
- Locate the request in the list and click ⋯ > Download certificate.
- Click Accept to confirm the download.
Redtrust downloads the certificate from the FNMT, links it with the private key generated in step 1, and installs it on the server. The certificate appears in the Certificates section of the admin console.
If you enabled the backup copy in step 1, you can download the PFX file from the same list by clicking ⋯ > Download certificate backup.
Summary
The FNMT certificate is now installed in Redtrust, with the private key securely stored on the server. You can assign it to policies and users from the admin console.