Servertec   Certificates
Content
Introduction
Release Notes
Features
FAQs
Requirements
Installation
Add-ons
How To
Change Log
Future Plans
Knowledge Base
Documentation
Conventions
Users
iServer
Administration
Login
Monitor
Control Panel
Manage
Server
Virtual Hosts
Workgroup
Session
Servlets
Contexts
Aliases
Mime Types
Locales
Country Codes
Messages
Pools
Realms
Resources
Users
Groups
Computers
Access Rights
ACLs
Logger
Templates
Keystore
Certificates
File System
Archives

Deployment

Reference
Samples
Sales
Legal
Feedback

 

Used to generate, request, display, remove, import and export certificates stored in the Keystore.

List Form

iServer Administrator - Certificates

Actions

GENERATE Used to generate a new self-signed Certificate.
REQUEST Used to create a Certificate Signing Request (CSR) from the selected Certificate.
If a Certificate has not been selected an error will be displayed.
DISPLAY Used to display the selected Certificate.
If a Certificate has not been selected an error will be displayed.
REMOVE Used to remove the selected Certificate.
If a Certificate has not been selected an error will be displayed.
IMPORT Used to import a Certificate into the Keystore.
EXPORT Used to export an existing Certificate.
If a Certificate has not been selected an error will be displayed.
SAVE Used to save changes made and to return to the Control Panel form.
CANCEL Used to discard changes made and to return to the Control Panel form.
HELP Used to display online help for this form.

Entry Form

iServer Administrator - Certificate Entry

Fields

Alias The case-insensitive name used to identify the Certificate in the Keystore.
Key Algorithm The key-pair generation algorithm, [DSA|RSA].

RSA is the default.

While DSA and RSA are key-pair generation algorithms are both supported, most Web browsers only support RSA.

The Key Signature Algorithm is derived from the Key Algorithm. MD5 is used for RSA and SHA1 for DSA.

Key Size The number of bits of the keys.

1024 is the default.

The Key Size for DSA key-pairs must be greater then 512 and less than 1024 and must be a multiple of 64.

The larger the key size the harder it is to crack and the greater the negative impact on performance.

Validity The number of days that the key will be valid.
Common Name The name of the site or individual requesting the Certificate.
Organization The name of the organization requesting the Certificate.

NONE is none.

Organization Unit The name of the department requesting the Certificate.

NONE is none.

City/Locality The name of the city or locality where the entity requesting the Certificate is located.
State The name of the State where the entity requesting the Certificate is located.
Country A country from the list of countries of the entity requesting the Certificate.

Actions

OK Used to accept data entered, to generate the Certificate and to return to the Certificates form.
CANCEL Used to discard data entered and to return to the Certificates form.
HELP Used to display online help for this form.

Import Form

iServer Administrator - Certificate Import

Fields

Alias The case-insensitive name used to identify the Certificate in the Keystore.
File Name The file on the local file system containing the X.509 reply certificate or reply certificate chain that will be imported.

Reply certificates must be in a binary format or in a Base64 encoded format embedded in -----BEGIN CERTIFICATE---- and -----END CERTIFICATE-----.

Reply certificate chains must be in a PKCS#7 binary format or a PKCS#7 Base64 encoded format embedded in -----BEGIN PKCS #7 SIGNED DATA----- and -----END PKCS #7 SIGNED DATA-----.

Check cacerts Whether to check CA certificates keystore, java_dir/lib/security/cacerts.
Ignore Warnings Whether to ignore warning and import the certificate.

Normally warnings such as "certificate already exists under a different alias" and "certificate is not trusted" prevents a certificate from being imported. If Ignore Warnings is checked these warnings will be ignored and the specified certificate will be imported.

Actions

Browse... Used to select the local file.
OK Used to accept data entered, to import the Certificate and to return to the Certificates form.
CANCEL Used to discard data entered and to return to the Certificates form.
HELP Used to display online help for this form.

Notes

The following steps outline the Certificate Process:
  1. Generate a new Self-Signed Certificate by clicking on the GENERATE button, entering the required information and submitting the form.

  2. Optionally, use the following steps to install a Certification Authority (CA) certificate.

    1. Generate a Certificate Signing Request (CSR) for the Self-Signed Certificate by clicking the REQUEST button on iServer Administrator - Certificates.

    2. Submit the CSR to a CA.

      Entrust, Thawte, and VeriSign are popular Certification Authorities.

    3. Import the Response Certificate overwriting the original Certificate by clicking IMPORT button on iServer Administrator - Certificates, using the same Alias as the Self-Signed Certificate and pressing, entering the File Name of the file containing the Response Certificate selecting the Check cacerts and Ignore Warnings and clicking on the OK button.

iServer Certificate Administrator will only import Response Certificates that contain a complete Certificate Chain or Response Certificates whose Certificate Chain can be established using an existing Root CA Certificate.

Certificate Administrator requires Java 1.3.0 or later.

Generation and importation of Certificates is a CPU intensive operation and my take a couple of minutes to complete.

iServer's Certificates can also be maintained using JavaSoft's keytool included with Java 2.

Unlike other Administrator forms, GENERATE, REMOVE and IMPORT immediately change the Keystore without having to SAVE.

Changes made will not be used until the iServer is restarted.

 top of page
 Built with iScript Copyright © 1997-2000 Servertec. All rights reserved.
Last Modified: Thu Aug 10 13:06:59 EDT 2000