Displays the Activate Server Certificate dialog used to configure the location of the server certificate file and the associated private key file.
After obtaining a server certificate from a Certificate Authority (CA) or generating a self-signed server certificate, copy the files into the Certs\Server directory on the SEAGULL Security Server.
In the Certificate File: edit box, specify the path or Browse... to the certificate file. Common certificate file extensions are .PEM, .CER, .DER. Use the View... button to view the selected certificate.
In the Private Key File: edit box, specify the path or Browse... to the private key file associated with the previously selected certificate. Common private key file extensions are .KEY, .PEM, .DER.
In the Private Key Password: edit box, enter the private key password. This is required to unlock the private key for use.
Click the OK button to save the settings.
Stop and Start the Security Server to load the newly specified certificate.
Displays the Activate Signing Certificate dialog used to sign certificates when they are created. This must be specified prior to creating Client Certificates.
Generate a self-signed signing certificate and copy the files into the Certs\Server directory on the SEAGULL Security Server.
In the Certificate File: edit box, specify the path or Browse... to the certificate file. Common certificate file extensions are .PEM, .CER, .DER. Use the View... button to view the selected certificate.
In the Private Key File: edit box, specify the path or Browse... to the private key file associated with the previously selected certificate. Common private key file extensions are .KEY, .PEM, .DER.
In the Private Key Password: edit box, enter the private key password. This is required to unlock the private key for use.
Click the OK button to save the settings.
Stop and Start the Security Server to load the newly specified certificate.
Displays the Generate New Certificate or Request dialog used to create Client Certificates, Self-Signed Server Certificates and Self-Signed Signing Certificates.
Type:
Client Certificate: Creates client certificates used to authenticate clients to the server.
Server Certificate: Creates self-signed server certificates used to authenticate the server to the client.
Signing Certificate: Creates signing certificates used to sign client certificates when they are created to assure their authenticity.
Output:
Request: Generates a certificate request and private key only. Use this option when obtaining a server certificate from a Certificate Authority (CA).
Certificate: Generates a certificate from an existing certificate request. This option is not generally used.
Both: Generates the certificate request, private key and certificate simultaneously. This option is used when creating self-signed certificates and client certificates.
Key Size:
The radio buttons select the key size used to create the certificate and private key. This setting is valid for the request only. A minimum key size of 768 bits is recommended to be considered secure.
512-Bit: Creates a certificate with a 512-bit key size.
1024-Bit: Creates a certificate with a 1024-bit key size.
2048-Bit: Creates a certificate with a 2048-bit key size.
Certificate Name: Should be at least 4 characters containing numbers, letters, or underscores. It is used to create the certificate and private key filenames.
Challenge Password: Must be at least four characters containing numbers, letters, or underscores. It is used to protect the private key file from unauthorized use.
Common Name: This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters. For a client certificate, this is usually the client's name.
Email Address: This may be used when generating Client Certificates or Client Certificate Requests and may be left blank for Server or Signing Certificates.
Organization Name: This specifies the Organization Name portion of the Distinguished Name field.
Organization Unit: This specifies the Organization Unit portion of the Distinguished Name field.
Locality or City: This specifies the Locality portion of the Distinguished Name field.
State or Province: This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the full state name.
Country Code: This specifies the Country Code portion of the Distinguished Name field.
Validity Period: This field is set by the CA and is not part of the Certificate Request.
Generate: Starts the certificate generation process. Once successfully generated, a dialog appears showing the path and filenames for the Certificate Request, Certificate, and Private Key File.
Used to copy the certificate files to the Security Server in the appropriate format. Client Reference Certificates and Root Certificates are processed using a hashing algorithm to produce unique filenames with a uniform length.
Certificate Type
Client Reference Certificates are used to validate the authenticity of a client certificate presented during SSL negotiation by comparing the presented certificate with the Reference Certificate. A Client Reference Certificate must exist for each Client Certificate issued if the "Match Reference Cert" option is selected in the Connection configuration.
Trusted Root Certificates are used to validate the authenticity of a client certificate and any intermediate certificates in the certificate chain. A Server Trusted Root Certificate may be installed on the clients to validate the authenticity of the Server Certificate presented during SSL negotiation. This eliminates invalid certificate errors seen by clients during the SSL negotiation.
Server Certificates and Keys copies the selected certificate and key files to the Certs\Server directory on the Security Server. The certificate must be activated using the Certificates:Server... function.
Signing Certificates and Keys copies the selected certificate and key files to the Certs\Server directory on the Security Server. The certificate must be activated using the Certificates:Signing... function.
The Certificate File(s): edit box and Browse... button allow the files to be selected for installation. Multiple certificate and key files may be selected in a single installation.
Displays the View Certificate dialog that allows the viewing of any selected certificate.
Local allows browsing for certificate files on the same system that hosts the SEAGULL Security Server Manager.
Remote allows browsing for certificates on the current remote system selected using Actions:Select Computer.
The Certificate File: edit box displays the path and file name for the certificate to be viewed.
The View... button launches the Windows certificate viewer for the certificate file referenced in the Certificate File: edit box.
Launches the Certificate List dialog that lists all available Client Reference Certificates. The list may be reordered by clicking any of the column headers. Certificates may be removed from the list (deleted from the Certs\Client directory) by highlighting them and clicking the Remove button. All expired certificates may be removed by clicking the Remove All Expired button.
Launches the Certificate List dialog that lists all available Root Certificates. The list may be reordered by clicking any of the column headers. Certificates may be removed from the list by highlighting them and clicking the Remove button. All expired certificates may be removed (deleted from the Certs\Root directory) by clicking the Remove All Expired button.
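The expiry date and key size of the files in a certificate directory can also be checked from PowerShell, for example before using Remove All Expired or before activating a certificate. The script below is an added example and is not part of the SEAGULL product or its documentation. Assumptions: the function names Get-CertAudit and New-SampleCert, the temporary demo directory and the 2048-bit threshold are hypothetical choices for this example, the keys are RSA, and .NET Framework 4.7.2 or later (or PowerShell 7) is available.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: writes a self-signed DER certificate as constructed sample input.
function New-SampleCert([string]$Dir, [string]$Name, [int]$Bits, [datetime]$NotAfter) {
    $rsa = [RSA]::Create($Bits)
    try {
        $req = [CertificateRequest]::new("CN=$Name", $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
        $cert = $req.CreateSelfSigned([DateTimeOffset]$NotAfter.AddYears(-1),
            [DateTimeOffset]$NotAfter)
        [IO.File]::WriteAllBytes((Join-Path $Dir "$Name.cer"),
            $cert.Export([X509ContentType]::Cert))
    } finally { $rsa.Dispose() }
}

# Hypothetical audit: reports expiry and RSA key size for every certificate in a directory.
# Files are not filtered by extension, so files with hashed names are included as well.
function Get-CertAudit([string]$Path, [int]$MinKeyBits = 2048) {
    foreach ($file in Get-ChildItem -Path $Path -File) {
        try { $cert = [X509Certificate2]::new($file.FullName) }
        catch { continue }   # not a certificate, for example a private key file
        $rsa  = [RSACertificateExtensions]::GetRSAPublicKey($cert)   # $null for non-RSA keys
        $bits = if ($rsa) { $rsa.KeySize } else { $null }
        [pscustomobject]@{
            File     = $file.Name
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            Expired  = $cert.NotAfter -lt (Get-Date)
            KeyBits  = $bits
            WeakKey  = ($null -ne $bits) -and ($bits -lt $MinKeyBits)
        }
    }
}

# Constructed sample data: one expired 1024-bit certificate and one current 2048-bit certificate.
$dir = Join-Path ([IO.Path]::GetTempPath()) "cert-audit-demo"
New-Item -ItemType Directory -Path $dir -Force | Out-Null
New-SampleCert $dir "demo_expired_1024" 1024 (Get-Date).AddDays(-30)
New-SampleCert $dir "demo_current_2048" 2048 (Get-Date).AddYears(1)

Get-CertAudit $dir | Format-Table -AutoSize
```

To audit real files, pass a copy of the Certs\Client, Certs\Root or Certs\Server directory as the path instead of the demo directory.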