To acquire a CA-signed certificate, you must first generate a self-signed user certificate. This will implicitly generate or import a public-private key pair.
Generating a new self-signed user certificate based on an existing certificate
You can use the Certificate Manager to generate a new self-signed certificate based on the contents of an existing certificate. This is useful in situations where a self-signed certificate has expired and needs to be regenerated, or you want to generate a new self-signed certificate using the same information as an existing certificate.
User certificate reference
User Information and Usage Information
- User Alias
- An arbitrary name for the certificate (for example, CLEO)
- Common Name
- A user name for client-style certificates; a fully qualified computer name (or registered IP address) for server-style certificates (for example, cleo.com). This field may be completed when importing OpenPGP or SSH FTP keys.
- Email
- Administrator email address, for example, user@cleo.com. This field may be completed when importing OpenPGP or SSH FTP keys.
- Organization Unit
- This could be a company department (for example, Cleo Engineering, or Cleo Production)
- Organization
- Official company name (for example, Cleo Communications, Inc.)
- City
- Complete city name (for example, Loves Park)
- State
- State name (for example, Illinois)
- Country
- Two characters (for example, US). Select from pull-down menu.
- Signature Algorithm
- Either MD5, SHA-1, SHA-256, SHA-384, or SHA-512.
- DigitalSignature
- Set if certificate is to be used for SSL client or signing. This field should generally be checked for AS2, AS3, or ebMS.
- KeyEncipherment
- Set if certificate is to be used for SSL server or encryption. This field should generally be checked for AS2, AS3, or ebMS.
- clientAuth
- Set if certificate is to be used for TLS client. Not applicable to AS2, AS3, or ebMS.
- serverAuth
- Set if certificate is to be used for TLS server. Not applicable to AS2, AS3, or ebMS.
- Subject Key Identifier
- Set if the Subject Key Identifier extension is to be generated. This extension is used as a means of identifying the particular public key being used.
- Valid For
- The number of months that this certificate will be valid. By default, it is set to 24 months, but may be increased up to 96 months.
Generate Private
Used to generate a new public/private key pair.
- Private Key Size
- 512, 1024, 2048, 3072 or 4096 for RSA certificates; 512 or 1024 for DSA certificates. The larger the key size, the stronger the encryption; however, depending on your platform and/or CPU speed, generating certificates with private key sizes greater than 2048 bits may take several minutes. (2048 is the default for RSA certificates. 1024 is the default for DSA certificates.)
- Algorithm
- Defaults to RSA, which is the de facto standard. DSA is also available.
- Private Key Password
- This is an arbitrary password. This password can be any combination of letters, numbers, or special characters.
- Confirm Password
- Re-enter the private key password.
- Encryption Sub-key Size
- 1024, 2048, or 4096-bit OpenPGP encryption sub-key size. Enabled when the Generate OpenPGP checkbox is selected. This is only necessary if you wish to generate a certificate to be used for OpenPGP encryption and an encryption sub-key is required.
- OpenPGP Key Does Not Expire
- When selected, the generated OpenPGP key will never expire. Otherwise, the OpenPGP key will expire when the User Certificate expires. Enabled when the Generate OpenPGP checkbox is selected.
Import OpenPGP
Used to import an existing key for OpenPGP encryption.
- OpenPGP Key
- OpenPGP secret key. Browse/type for the OpenPGP filename.
- Private Key Password
- This must be the same password as the existing key.
SSH FTP Key
Used to import an existing key for SSH FTP authentication. Enter the following information and click Import to read the key information. The Common Name and Email fields will be completed using the key information.
- SSH FTP Key
- SSH FTP private key. Browse/type for the SSH filename.
- Private Key Password
- This must be the same password as the existing key.
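The reference above offers several legacy choices (MD5 and SHA-1 signatures, 512- and 1024-bit keys) next to current ones. As an added example, not Cleo code and not part of the original reference, this Python function lints a proposed set of form values before the certificate is generated. The dictionary keys, the severity labels, the 2048-bit minimum and the treatment of MD5 and SHA-1 as weak are assumptions based on common guidance such as NIST SP 800-131A.

```python
# Added example (not Cleo code): lint the options chosen on this form.
# Thresholds are assumptions taken from common guidance such as NIST SP 800-131A.
WEAK_SIGNATURE_ALGS = {"MD5", "SHA-1"}  # practical collision attacks exist
MIN_KEY_BITS = 2048  # assumed minimum for RSA and DSA keys
OFFERED_KEY_SIZES = {"RSA": {512, 1024, 2048, 3072, 4096}, "DSA": {512, 1024}}
MESSAGE_PROTOCOLS = {"AS2", "AS3", "ebMS"}
MAX_VALID_MONTHS = 96  # upper limit stated in the reference


def lint_certificate_options(opts):
    """Return (severity, message) findings for a dict of form values."""
    findings = []
    alg, bits = opts["algorithm"], opts["private_key_size"]
    sig = opts["signature_algorithm"]
    usage = set(opts.get("key_usage", ()))
    protocol = opts.get("protocol")

    if bits not in OFFERED_KEY_SIZES.get(alg, set()):
        findings.append(("error", f"{bits} is not an offered {alg} key size"))
    elif bits < MIN_KEY_BITS:
        findings.append(("high", f"{alg} {bits}-bit key is below {MIN_KEY_BITS} bits"))
    if sig in WEAK_SIGNATURE_ALGS:
        findings.append(("high", f"{sig} is a weak signature hash"))
    if opts.get("valid_for_months", 24) > MAX_VALID_MONTHS:
        findings.append(("error", f"Valid For exceeds {MAX_VALID_MONTHS} months"))

    if protocol in MESSAGE_PROTOCOLS:
        for flag in ("DigitalSignature", "KeyEncipherment"):
            if flag not in usage:
                findings.append(("medium", f"{flag} should be set for {protocol}"))
        for flag in ("clientAuth", "serverAuth"):
            if flag in usage:
                findings.append(("info", f"{flag} does not apply to {protocol}"))
    return findings


# Constructed sample inputs: a legacy profile and a corrected one.
LEGACY = {"algorithm": "DSA", "private_key_size": 1024, "signature_algorithm": "SHA-1",
          "valid_for_months": 96, "protocol": "AS2",
          "key_usage": ["DigitalSignature", "serverAuth"]}
HARDENED = {"algorithm": "RSA", "private_key_size": 3072, "signature_algorithm": "SHA-256",
            "valid_for_months": 24, "protocol": "AS2",
            "key_usage": ["DigitalSignature", "KeyEncipherment"]}

if __name__ == "__main__":
    for name, profile in (("legacy", LEGACY), ("hardened", HARDENED)):
        for severity, message in lint_certificate_options(profile):
            print(f"{name}: [{severity}] {message}")
```

Under the assumed 2048-bit minimum, both DSA key sizes listed in the reference (512 and 1024) are flagged, so only the RSA options at 2048 bits and above pass the key-size check.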