Use this window to create, import, or reuse a web certificate for Server Administrator.

NOTE: This help page may include information about features not supported by the system. Server Administrator only displays features that are supported on the system.

User Privileges

Table 1. User Privileges

| Selection | View | Manage |
| --- | --- | --- |
| X.509 Certificate Management | Administrator | Administrator |

X.509 Certificate Management
Web certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure system security for Server Administrator, it is strongly recommended that you either generate a new X.509 certificate, reuse an existing X.509 certificate, or import a certificate chain from a Certificate Authority (CA).

You can apply for a certificate to authenticate user privileges for access to the system over a network, or for accessing a storage device attached to the system.

X.509 Certificate Option Menu

| Option | Description |
| --- | --- |
| Generate a new certificate | Generates a new self-signed certificate used for the SSL communication between the server running Server Administrator and the browser. NOTE: Most web browsers display an untrusted-certificate warning because this certificate is not signed by a Certificate Authority (CA) trusted by the operating system. Some secure browser settings block self-signed SSL certificates, so the Server Administrator web GUI requires a CA-signed certificate for such browsers. |
| Certificate Maintenance | Allows you to generate a Certificate Signing Request (CSR) containing all the certificate information about the host for the CA to automate the creation of a trusted SSL web certificate. You can retrieve the necessary CSR file either from the specified path at the top of the page or by copying the entire text in the text box and pasting it in the CA submit form. The text must be in Base 64-encoded format. NOTE: You also have an option to view the certificate information and to export the certificate that is being used to universal Base 64-encoded format, which can be imported to other web services. |
| Import certificate chain | Allows you to import the certificate chain (in PKCS#7 format) signed by a trusted CA. The certificate can be in DER or Base 64-encoded format. |
| Import a PKCS12 Keystore | Allows you to import a PKCS#12 keystore that replaces the key and certificate used in Server Administrator Webserver. NOTE: An error message is displayed if you select an invalid PKCS file or when an incorrect password is typed. |

X.509 Certificate Generation Menu: Generate a New Certificate

| Field | Description |
| --- | --- |
| Alias | An alias is a shortened, keystore-specific name for an entity that has a certificate in the keystore. A user can assign any alias name for the public and the private key in the keystore. |
| Key Signing Algorithm | Displays the supported signing algorithms. Select an algorithm from the drop-down list. NOTE: If you select either SHA 512 or SHA 256, ensure that the operating system/browser supports this algorithm. If you select one of these options without the requisite operating system/browser support, Server Administrator displays a "cannot display the webpage" error. |
| Key Generation Algorithm | Describes the algorithm to be used to generate the certificate. Commonly used algorithms are RSA and DSA. |
| Key Size | Encryption strength for the private key. The default value is 2048. |
| Validity Period | Length of time the certificate is to be valid, expressed in days. |
| Common Name (CN) | Exact name of the host or domain to be secured, for example, xyzcompany.com. |
| Organization (O) | Full company name as it appears in the company's certificate of incorporation, or as it is registered with the state government. |
| Organization Unit (OU) | Division of this company applying for the certificate, for example, E-Commerce Department. |
| Locality (L) | The city or place name where the organization is registered or incorporated. |
| State (ST) | The state or province where the organization is registered or incorporated. Spell out the name. |
| Country (C) | Two-letter country code, for example, US for United States and UK for United Kingdom. |

X.509 Certificate Generation Menu: Certificate Maintenance

Certificates: This is the name of the X.509 certificate that is currently being used.

Select appropriate action:
- Certificate Signing Request (CSR): Use the information in the existing certificate to build a certificate request.
- Display Contents: Display the contents of the certificate. This option results in an extensive report that parses the components of the certificate.
- Export Certificate in BASE 64-encoded format: Export an existing certificate for use by another application.

When you select CSR, Server Administrator makes a .csr file. Server Administrator displays the path where you can retrieve the .csr file. Server Administrator also prompts you to copy and save the text of the certificate.

When you select Export, Server Administrator enables you to download the certificate as a .cer file and save the file to a directory that you select.

X.509 Self-Signed Certificate Contents

Values for the following fields are collected at the time that the certificate is first created:

| Field | Description |
| --- | --- |
| Alias | An alias is a shortened, keystore-specific name for an entity that has a certificate in the keystore. A user can assign any alias name for the public and the private key in the keystore. |
| Creation Date | Date the existing certificate was originally created. |
| Provider | The default certificate provider is the Sun Microsystems security provider. Sun has one certificate factory that works with certificates of type X509. |
| Certificate Chain | Complete certificate which has the root certificate as well as the response associated with it. |

Chain Element 1:
If a user views the certificate contents and finds Chain Element 1: but not Chain Element 2: in the description, the existing certificate is a self-signed certificate.
If the certificate contents refer to Chain Element 2:, the certificate has one or more CAs associated with it.

| Field | Description |
| --- | --- |
| Type | X.509. |
| Version | Version of X.509. |
| IsValid | Whether Server Administrator considers the certificate to be valid (Yes or No). |
| Subject | Name of the entity for whom the certificate has been issued. This entity is referred to as the subject of the certificate. |
| Issuer | Name of the certificate authority that signed the certificate. |
| Valid From | First date on which the certificate is valid for use. |
| Valid To | Last date on which the certificate is valid for use. |
| Serial Number | Unique number that identifies this certificate. |
| Public Key | Public Key of the certificate, that is, the key that belongs to the subject the certificate vouches for. |
| Public Key Algorithm | RSA or DSA. |
| Key Usage | Key usage extension, which defines the purpose of the key. You can use a key for digital signing, key agreement, certificate signing, and more. The key usage is an extension to the X.509 specification and need not be present in all X.509 certificates. |
| Signature | Certificate authority's identifying digest that confers validity on a certificate. |
| Signature Algorithm Name | Algorithm used to generate the signature. |
| Signature Algorithm OID | Object ID of the signature algorithm. |
| Signature Algorithm Parameters | Algorithm used to generate the signature that uses the TBS certificate as input. |
| TBS Certificate | Body of the actual certificate. It contains all the naming and the key information held in the certificate. The TBS certificate is used as input data to the signature algorithm when the certificate is signed or verified. |
| Basic Constraints | An X.509 certificate may contain an optional extension that identifies whether the subject of the certificate is a certificate authority (CA). If the subject is a CA, this extension returns the number of certificates that may follow this certificate in a certification chain. |
| Subject Unique ID | String that identifies the applicant for the certificate. |
| Issuer Unique ID | String that identifies the issuer of the certificate. |
| MD5 Fingerprints | Digital signature algorithm that verifies data integrity by creating a 128-bit message digest or fingerprint. The fingerprint is as unique to the input data as a person's fingerprint is to only one individual person. |
| SHA1 Fingerprints | Secure hashing algorithm, a cryptographic message digest algorithm used to verify data integrity by making replication of the digest or fingerprint computationally expensive, that is, not worth the effort. |
| Encoded Certificate | Content of the certificate in binary form. |

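
The Chain Element rule and the Subject, Issuer and SHA1 Fingerprints fields above can be checked outside the GUI on a certificate exported in Base 64-encoded or DER format. The following Python is an added example, not Server Administrator code: it compares the issuer and subject names and computes the SHA1 fingerprint. The sample certificates are constructed skeleton DER built by the hypothetical helpers `tlv`, `name` and `sample_cert`; matching names show the certificate is self-issued, and proving it is self-signed also requires verifying the signature with its own public key.

```python
import hashlib
import ssl

def read_tlv(buf, pos):
    """Return (tag, value, end) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(der):
    """Return the raw DER encodings of the issuer and subject Name fields."""
    _, cert, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # TBS Certificate ::= SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs) and len(fields) < 6:
        tag, _, end = read_tlv(tbs, pos)
        fields.append((tag, tbs[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:    # optional explicit [0] version field
        fields = fields[1:]
    if len(fields) < 5:                    # serial, algorithm, issuer, validity, subject
        raise ValueError("not an X.509 TBS certificate")
    return fields[2][1], fields[4][1]

def inspect_certificate(data):
    """Accept a Base 64 (PEM) or DER export; report self-issuance and fingerprint."""
    if data.lstrip().startswith(b"-----BEGIN"):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    issuer, subject = issuer_and_subject(data)
    return {"self_issued": issuer == subject, "sha1": hashlib.sha1(data).hexdigest()}

# Constructed sample input: skeleton DER with empty key and signature, not real certificates.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (body < 128 bytes)

def name(cn):
    attr = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))  # CN attribute
    return tlv(0x30, tlv(0x31, attr))

def sample_cert(issuer_cn, subject_cn):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

SELF_SIGNED = sample_cert("omsa-host.example", "omsa-host.example")
CA_ISSUED = sample_cert("Example Internal CA", "omsa-host.example")
```

The fingerprint is taken over the DER bytes, so the Base 64 and DER exports of the same certificate give the same value.
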

Certificate Import:

Import certificate chain

To import a certificate chain that you obtain from a CA:
- Type the name of the certificate file you want to import, or click Browse to search for the file.
- Select the file and click Import.

Import PKCS#12

To import the PKCS#12 certificate:
- Browse to the PKCS#12 file that contains the key and certificate of the web server.
- Enter the key store password.
- Click Import.