Digital Certificates

Generating Client Certificates

Client Certificates are used to authenticate clients to the server.  To generate a Client Certificate with the SEAGULL Security Server, a valid Signing Certificate must be generated and installed with a validity period greater than that to be specified for the Client Certificates.

SEE  Generating a Self Signed Signing Certificate for additional information.

To generate a client certificate:

  1. Go to Certificates:Generate to display the Generate New Certificate or Request dialog.

  2. Select the Client Certificate radio button, the Both radio button, and the appropriate Key Size radio button.  Key size of at least 1024-Bit is recommended.

  3. Enter the Certificate Name: It must be 8 characters or fewer containing numbers, letters, or underscores.  It is used to create the Certificate and Private Key filenames.

  4. Enter the Challenge Password: It must be at least four characters; containing number, letters, or underscores. It is used to protect the private key file from unauthorized use.

  5. Enter the Common Name: This is generally a computer name or address.  Some CAs require that this field not contain any blanks or special characters.

  6. Enter the Email Address: This is used when generating Client Certificates or Client Certificate Requests and may be left blank for Server or Signing Certificates.

  7. Enter the Organization Name: This specifies the Organization Name portion of the Distinguished Name field.

  8. Enter the Organization Unit: This specifies the Organization Unit portion of the Distinguished Name field.

  9. Enter the Locality or City: This specifies the Locality portion of the Distinguished Name field.

  10. Enter the State or Province: This specifies the State or Province portion of the Distinguished Name field.  Some CAs require that this field contain the full state name.

  11. Enter the Country Code: This specifies the Country Code portion of the Distinguished Name field.

  12. Enter the Validity Period: This field is set by the CA and is not part of the Certificate Request.

  13. Click the Generate button to generate the certificate and key files.

  14. The Certificate Request Complete dialog appears indicating the name and location of the various files that were created by the process.  The Certificate Name that was used during the Certificate generation process, will be used as the file name.  The files will be placed in the following location:

C:\Program Files\SEAGULL\SecurityServer\Certs\New

  1. To use the Certificate, the appropriate files must be installed in the client program (i.e. BlueZone) before they can be used for authentication to the SEAGULL Security Server.

SEE  Using Client Certificates with BlueZone Client Programs for additional information.

  1. If the Client Certificate is to be matched to a Reference Certificate for user authentication, then the Client Reference Certificate must be installed on the Security Server.

SEE  Installing Client Reference Certificates on the Server for additional information.