Certificate management in MacOS environment
Creating a certificate signing request
If you are using macOS , you can generate a certificate request using the "openssl" command via a terminal.
1. For your convenience, we recommend that you create a new folder (such as "BAP certificate") on your desktop.
Picture 1. Creating a folder
2. Launch the "Terminal" app. This can be done by using the Command-Space bar and typing "terminal" in the search field:
Picture 2. Terminal launching
OR by selecting "Go" → "Utilities" in the "Finder" menu:
Picture 3. Terminal launching
3. In the terminal, navigate to the "BAP certificate" directory you created by typing the command (press the "Enter" key to execute the command):
cd Desktop/BAP\ certificate
4. Generate a certificate request using the "openssl" command:
openssl req -out request.csr -utf8 -
new
-newkey rsa:
2048
-nodes -keyout certificate.key -subj
"/GN=Vardas/SN=Pavarde/CN=Vardas Pavarde"
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf
"\n[SAN]\nsubjectAltName=email:el.pastas@pastas.lt"
))
Note
The openssl command is a single line command, so copy it all at once.
5. Check available files:
ls -l
total
16
-rw-r--r--
1
Jonas staff
1704
Sau
29
21
:
29
certificate.key
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
request.csr
Certificate download and installation
1. If you have not used the BAP system before and do not have the possibility to log in via the Electronic Government Gateway, please send the prepared "request.csr" file by email to the customs office when requested. You will receive a reply with the sertifikatas.crt file, which you should save in the "BAP certificate" directory you created.
If you can log in to BAP using the authentication service provided by the Electronic Government Gateway, or if you have already used the BAP system in the past and you are able to login to it, click on the "+Add New" button in the "Profile" section, select the value "Certificate issued by the customs of the Republic of Lithuania - for connecting to customs portals and accessing customs system to system services." in the "Adding a new certificate" modal window, then click on the "Continue" button.
Picture 4. "Customs of Lithuania for authentication" selection
2. Bookmark the file "request.csr" in the "Generate Certificate" window and click on the "Generate Certificate" button.
Picture 5. Uploading the CSR file
3. Download the "sertifikatas.crt" file by clicking the "Download" button in the pop-up window or in the certificate data table. Move the downloaded file to the "BAP certificate" directory.
Picture 6. Downloading the CRT file
4. Catalogue content:
ls -l
total
24
-rw-r--r--
1
Jonas staff
1704
Sau
29
21
:
29
certificate.key
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
request.csr
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
sertifikatas.crt
5. Generate a PFX file from the certificate and key files. Create a password that will protect the private key.
openssl pkcs12 -export -out sertifikatas.pfx -inkey certificate.key -in sertifikatas.crt
Picture 7. Example of export
6. Check available files:
ls -l
total
32
-rw-r--r--
1
Jonas staff
1704
Sau
29
21
:
29
certificate.key
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
request.csr
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
sertifikatas.crt
-rw-r--r--
1
Jonas staff
915
Sau
29
21
:
29
sertifikatas.pfx
sertifikatas.pfx - a file that contains your certificate and its private key.
7. To import a certificate from the "Finder", select "Go" -> "Utilities" and start the "Keychain Access" application.
Picture 8. Importing a certificate on macOS
4. On the left side of the "Keychain Access" application, select "System".
Picture 9. "System" selection
5. From the "File" menu, select "Import Items…" function.
Picture 10. „Import Items...“ selection
6. Select the generated certificate.
Picture 11. Certificate selection
7. After selecting the certificate, the system will ask you to enter the administrator password, followed by the password of the generated certificate that was created in step 2.
Picture 12.
Once the certificate has been imported, a new Safari browser will allow you to log in to bap.lrmuitine.lt by selecting the certificate. The first time you log in, macOS System will ask you again for your administrator name and password. These will then be used to log in to the system.
Preparing the certificate to work on another computer
The PFX file, which was generated in step 2 of "Download and install the certificate", is required for work on another computer. Transfer this file to the new computer and continue with the steps described in the installation instructions below.