Used to generate, request, display, remove, import and export certificates
stored in the Keystore.
List Form
Actions
GENERATE
|
Used to generate a new self-signed Certificate.
|
REQUEST
|
Used to create a Certificate Signing Request (CSR) from the selected
Certificate.
If a Certificate has not been selected an error will be displayed.
|
DISPLAY
|
Used to display the selected Certificate.
If a Certificate has not been selected an error will be displayed.
|
REMOVE
|
Used to remove the selected Certificate.
If a Certificate has not been selected an error will be displayed.
|
IMPORT
|
Used to import a Certificate into the Keystore.
|
EXPORT
|
Used to export an existing Certificate.
If a Certificate has not been selected an error will be displayed.
|
SAVE
|
Used to save changes made and to return to the Control Panel form.
|
CANCEL
|
Used to discard changes made and to return to the Control Panel form.
|
HELP
|
Used to display online help for this form.
|
Entry Form
Fields
Alias
|
The case-insensitive name used to identify the Certificate in the Keystore.
|
Key Algorithm
|
The key-pair generation algorithm, [DSA|RSA].
RSA is the default.
While both the DSA and RSA key-pair generation algorithms are
supported, most Web browsers only support RSA.
The Key Signature Algorithm is derived from the Key Algorithm. MD5
is used for RSA and SHA1 for DSA.
|
Key Size
|
The number of bits of the keys.
1024 is the default.
The Key Size for DSA key-pairs must be greater than 512 and
less than 1024 and must be a multiple of 64.
The larger the key size the harder it is to crack and the greater the
negative impact on performance.
|
Validity
|
The number of days that the key will be valid.
|
Common Name
|
The name of the site or individual requesting the Certificate.
|
Organization
|
The name of the organization requesting the Certificate.
NONE is none.
|
Organization Unit
|
The name of the department requesting the Certificate.
NONE is none.
|
City/Locality
|
The name of the city or locality where the entity requesting the Certificate
is located.
|
State
|
The name of the State where the entity requesting the Certificate is located.
|
Country
|
A country from the list of countries of the entity requesting the
Certificate.
|
Actions
OK
|
Used to accept data entered, to generate the Certificate and to return to the
Certificates form.
|
CANCEL
|
Used to discard data entered and to return to the Certificates form.
|
HELP
|
Used to display online help for this form.
|
Import Form
Fields
Alias
|
The case-insensitive name used to identify the Certificate in the Keystore.
|
File Name
|
The file on the local file system containing the X.509 reply certificate or
reply certificate chain that will be imported.
Reply certificates must be in a binary format or in a Base64 encoded format
embedded in
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----.
Reply certificate chains must be in a PKCS#7 binary format or a PKCS#7 Base64
encoded format embedded in
-----BEGIN PKCS #7 SIGNED DATA-----
and
-----END PKCS #7 SIGNED DATA-----.
|
Check cacerts
|
Whether to check the CA certificates keystore,
java_dir/lib/security/cacerts.
|
Ignore Warnings
|
Whether to ignore warnings and import the certificate.
Normally warnings such as
"certificate already exists under a different alias"
and
"certificate is not trusted"
prevent a certificate from being imported. If Ignore Warnings is
checked these warnings will be ignored and the specified certificate will
be imported.
|
Actions
Browse...
|
Used to select the local file.
|
OK
|
Used to accept data entered, to import the Certificate and to return to the
Certificates form.
|
CANCEL
|
Used to discard data entered and to return to the Certificates form.
|
HELP
|
Used to display online help for this form.
|
Notes
The following steps outline the Certificate Process:
- Generate a new Self-Signed Certificate by clicking on the GENERATE
button, entering the required information and submitting the form.
- Optionally, use the following steps to install a Certification Authority
(CA) certificate:
  - Generate a Certificate Signing Request (CSR) for the Self-Signed
  Certificate by clicking the REQUEST button on
  iServer Administrator - Certificates.
  - Submit the CSR to a CA.
  Entrust, Thawte, and VeriSign are popular Certification Authorities.
  - Import the Response Certificate, overwriting the original Certificate,
  by clicking the IMPORT button on iServer Administrator - Certificates,
  using the same Alias as the Self-Signed Certificate,
  entering the File Name of the file containing the Response Certificate,
  selecting Check cacerts and Ignore Warnings, and
  clicking on the OK button.
iServer Certificate Administrator will only import Response Certificates
that contain a complete Certificate Chain or Response Certificates whose
Certificate Chain can be established using an existing Root CA Certificate.
Certificate Administrator requires Java 1.3.0 or later.
Generation and importation of Certificates is a CPU-intensive operation and
may take a couple of minutes to complete.
iServer's Certificates can also be maintained using JavaSoft's keytool
included with Java 2.
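The GENERATE, REQUEST and IMPORT steps above, carried out with keytool as an added example (not part of the original help page or of iServer). The keystore path, password, alias, distinguished name and 2048-bit key size are constructed placeholders, and mapping Check cacerts to -trustcacerts and Ignore Warnings to -noprompt is an assumption.

```shell
#!/bin/sh
# Added example: keytool equivalents of GENERATE, REQUEST, IMPORT and DISPLAY.
# Keystore path, password, alias and DN are constructed placeholders.
KS=${KS:-./demo.keystore}
PASS=${PASS:-demo-store-pass}
ALIAS=${ALIAS:-iserver}

# GENERATE: key pair plus self-signed certificate. The 2048-bit size is this
# example's choice, not the form's default; keytool picks the signature
# algorithm itself. (Old JDKs spell the command -genkey.)
generate_cert() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=www.example.com, OU=NONE, O=NONE, L=Portland, ST=Oregon, C=US" \
        -keystore "$KS" -storepass "$PASS" -keypass "$PASS"
}

# REQUEST: write a CSR for the existing entry to the file given as $1.
request_csr() {
    keytool -certreq -alias "$ALIAS" -file "$1" \
        -keystore "$KS" -storepass "$PASS"
}

# IMPORT: install the CA reply in file $1 under the SAME alias, replacing the
# self-signed certificate. -trustcacerts also consults the JRE cacerts file.
# -noprompt is left out, so keytool asks before installing a reply whose
# chain it cannot trust.
import_reply() {
    keytool -importcert -alias "$ALIAS" -file "$1" -trustcacerts \
        -keystore "$KS" -storepass "$PASS"
}

# DISPLAY-style check: succeeds while Owner and Issuer of the entry are equal,
# i.e. the self-signed certificate has not been replaced by a CA reply yet.
is_self_signed() {
    out=$(keytool -J-Duser.language=en -list -v -alias "$ALIAS" \
        -keystore "$KS" -storepass "$PASS") || return 2
    owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
    issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
    [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}
```

Source the file, run generate_cert and request_csr with an output file name, and call import_reply on the CA's answer; is_self_signed should stop succeeding once the reply is installed.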
Unlike other Administrator forms, GENERATE, REMOVE and
IMPORT immediately change the Keystore without having to SAVE.
Changes made will not be used until the iServer is restarted.
|