An OpenPGP public key contains a master key and one or more subkeys. You can create a Trusted CA Certificate from the public key information and use it to verify OpenPGP signatures and encrypt data before it is sent to your trading partner. You can use a SSH FTP public key for public key authentication with the SSH FTP server (Cleo VLTrader and Cleo Harmony only).
To import an OpenPGP or SSH FTP public key and generate a Trusted CA certificate:
- In the web UI, go to Certificates button in the tool bar. . In the native UI, go to or click the
- Import a key. Use one of the following methods.
- Choose an OpenPGP Public Key file - Right-click the Trusted CAs store and select .
- Choose an SSH FTP Public Key file - Right-click the Trusted CAs store and select .
- Enter the name of or navigate to the public key file and click Open.
The Generate Certificate dialog box appears.
- Enter the required information. See User certificate reference for information about the fields.
Field Description User Alias An arbitrary name for the certificate (for example, ACME) Common Name This value might be provided when importing the public key. Alternatively, enter a user name for client-style certificates or a fully qualified computer name (or registered IP address) for server-style certificates (for example, acme.com). This value might be provided when importing the public key. Otherwise, enter the trading partner administrator email address (for example, firstname.lastname@example.org). Organization Unit This could be a company department (for example, Acme Purchasing or Acme Production) Organization Official company name (for example, Acme, Inc.) City Complete city name (for example, Loves Park) State State name (for example, IL) Country Two characters only (for example, US). (This is available through a pull down menu.) Valid For If the chosen key does not have an expiration date, enter the number of months (1-96) the certificate should be valid for. If the chosen key has an expiration date this field is not configurable.
- After all the required information is entered, click OK. After the certificate is created, the certificate is added under Trusted CAs in the tree pane.
- For OpenPGP, you can view the embedded OpenPGP key fingerprint and usage in the Certificate Manager (using the right and/or bottom scroll bars, if necessary). Confirm the fingerprint shown matches the fingerprint provided by your trading partner. This ensures the public key has not been altered and the encrypted data you send can only be decrypted by your trading partner.