EAServer Manager | Certificates folder comes with several preinstalled CA certificates. EAServer accepts client certificates only if they have been signed by a trusted CA. You can modify the trust attribute for any of the preinstalled certificates. See “Viewing certificate, trust, and export information” for more information.
Generating a key pair and requesting a certificate
You can generate a key pair and send the certificate request to a CA to be signed. Once the CA has signed and returned the request, you can install the certificate.
Select the Private Keys folder.
Select File | Key/Cert Wizard.
Supply the required information, described in Table 14-2. Use Back and Next to review or change any information.
You can use any of the following characters:
Letters A – Z and a – z
Numeric values 0 – 9
(space) ’ ( ) + , - . / : = ?
In Asian-language editions of EAServer, you can enter an Asian-language date in the Certificate Signing Request wizard in Security Manager. Before generating requests that contain UTF-8 characters, check with your certificate authority (CA) whether UTF-8 data is supported.
Click Finish to exit the wizard. EAServer Manager | Certificates folder generates the key pair and saves the certificate request to a file that you specify, or installs a certificate if you have pasted one into the certificate dialog.
Send your certificate request to a CA for signing. Depending on the CA, this could be through e-mail or by attaching to the CA’s URL.
When you receive it, install the certificate. See “Installing and exporting certificates”.
The new private key appears on the right side of the window when you highlight the Private Keys folder. Once the certificate is received and installed, the private key is removed from the private key list.
Property |
Description |
Comments/example |
|---|---|---|
Key Strength |
Select the authentication key strength. The greater the number, the stronger the encryption. Your options are:
|
For international users, key strength is 512. |
Key Label |
The name that identifies the private key/certificate. |
Required field. The label must be unique among all labels used for certificates. |
Mark Private Key Exportable |
Check this box to allow the export of this certificate along with its private key. |
See “Installing and exporting certificates” for more information.
|
UTF-8 Encoding |
Check this box to allow entry of UTF-8 encoded characters. |
Allows entry of Asian-language text. Before generating requests that contain UTF-8 characters, check with your certificate authority (CA) whether UTF-8 data is supported. |
Common Name |
This could be your first and last name or name of a university or EAServer host name. |
Required field. |
User ID |
Any user ID that would further identify you. |
|
Organization |
The name of your company, university, or other organization. |
Required field. |
Organization Unit |
The name of a department within your organization. |
|
Locality |
The location of your organization. |
You must supply at least one of:
|
State/Province |
The name of your state or province. |
|
Country |
Your two-digit country code; for example, “U.S.” |
|
Requester Name |
The person requesting the certificate. |
|
Server Admin |
The name, if any, of the server administrator. |
|
Your e-mail address. |
||
Server Certificate Request |
Displays the request information along with the generated public key. |
Depending on the CA, you might be able to copy and paste the certificate request from this window into an e-mail and forward it for signing. |
Save to File |
Select this option and enter the full path name to save the generated certificate request as a text file. You can also use the browse feature to locate and save the file. |
If you do not immediately send the certificate request to be signed, save the certificate request to a file and send it for signature later. |
Cut and Paste the Certificate |
If available, paste the signed certificate in this window for installation. |
If you do not install the signed certificate now, you can use the Install Certificate option when you receive your signed certificate. |
Format Type |
Identifies the format of the certificate request. Your options are “base64” or “binary.” |
For server certificates, you would normally use a base64 format. |
If checked, you can later uncheck this property. Once
unchecked, you cannot change this property. If unchecked, you cannot
export this certificate and private key.