Digital Certificates

Generating a Self-Signed Server Certificate

A Self Signed server certificate is one which is not signed by a certificate authority (CA). Server certificates serve two purposes; to identify the server to the client, and to provide the server public key to the client for the remainder of the SSL handshake and key exchange.

In cases where authenticating to the server to the client is not important, self signed certificates may be used. The SEAGULL Security Server ships with a SEAGULL self signed certificate, however it may be desirable for a company to create its own self signed certificate which the client may view when it is presented.

To create a self signed certificate:

  1. On the MenuBar, go to Certificates:Generate to display the Generate New Certificate or Request dialog.

  2. Select the Server Certificate radio button, the Both radio button, and the appropriate Key Size radio button. Key sized greater than 512-bits are recommended.

  3. Enter the Certificate Name: It must be 8 characters or fewer containing numbers, letters, or underscores. It is used to create the certificate and private key filenames.

  4. Enter the Challenge Password: It must be at least four characters containing number, letters, or underscores. It is used to protect the private key file from unauthorized use.

  5.  Enter the Common Name: This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters.

  6. Enter the Email Address: This is used when generating Client Certificates or Client Certificate Requests and may be left blank for Server or Signing Certificates.

  7.  Enter the Organization Name: This specifies the Organization Name portion of the Distinguished Name field.

  8. Enter the Organization Unit: This specifies the Organization Unit portion of the Distinguished Name field.

  9. Enter the Locality or City: This specifies the Locality portion of the Distinguished Name field.

  10. Enter the State or Province: This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the full state name.

  11. Enter the Country Code: This specifies the Country Code portion of the Distinguished Name field.

  12. Enter the Validity Period: This field is set by the CA and is not part of the Certificate Request.

  13. Click the Generate... button to generate the certificate and key files.

  14. The Certificate Request Complete dialog appears indicating the name and location of the Certificate Request and Private Key File.

Next Steps:

Installing a Server Certificate