There are two major tasks when creating an externally signed certificate. The first task is to create a PKCS #10 Certificate Signing Request (CSR). Follow the steps below to create the CSR.
Send the CSR to the external CA and retrieve the resulting certificate and all of the CA’s certificates. Then store all of the certificates in the server certificate object (see Section 2.13, Storing Server Certificates (External CA)). For information about how to store the certificates,
Find the server for which you want to create a certificate by calling NPKIFindKeyGenServersForUser. Then call the following accessor functions:
Determine the certificate attributes and extensions, then create the server CSR (Certificate Signing Request) by calling NPKICreateServerCertificate. Send the CSR to the external CA to get the server certificate. The server certificate must be stored once it is created (see Section 2.13, Storing Server Certificates (External CA)).
For a sample implementation of this task, see GenerateCSR.