Generating client certificates
Client certificates are used to authenticate clients to the server. To generate a Client Certificate with the Security Server,
a valid Signing Certificate must be generated and installed with a validity period greater than that to be specified for the
Client Certificates.
|
1. |
Click to display the Generate New Certificate or Request window. |
|
2. |
Select the Client Certificate radio button, the Both radio button, and the appropriate Key Size radio button. A key size of at least 1024-Bit is recommended. |
|
3. |
Type the Certificate Name. It must be 8 characters or fewer containing numbers, letters, or underscores. It is used to create the certificate and private
key file names. |
|
4. |
Type the Challenge Password. It must be at least four characters containing number, letters, or underscores. It is used to protect the private key file
from unauthorized use. |
|
5. |
Type the Common Name. This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters.
|
|
6. |
Type the Email Address. This is used when generating Client Certificates or Client Certificate Requests and can be left blank for Server or Signing
Certificates. |
|
7. |
Type the Organization Name. This specifies the Organization Name portion of the Distinguished Name field. |
|
8. |
Type the Organization Unit. This specifies the Organization Unit portion of the Distinguished Name field. |
|
9. |
Type the Locality or City. This specifies the Locality portion of the Distinguished Name field. |
|
10. |
Type the State or Province. This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the
full state name. |
|
11. |
Type the Country Code. This specifies the Country Code portion of the Distinguished Name field. |
|
12. |
Type the Validity Period. This field is set by the CA and is not part of the Certificate Request. |
|
13. |
Click Generate to generate the certificate and key files. The Certificate Request Complete window appears indicating the name and location of the various files that were created by
the process. The Certificate Name that was used during the Certificate generation process, is used as the file name. The
files are placed in the following location:
C:\Program Files\BlueZone Security Server\Certs\New
|
|
14. |
To use the Certificate, the appropriate files must be installed in the client program (i.e. BlueZone) before they can be used
for authentication to the Security Server.
|
|
15. |
If the Client Certificate is to be matched to a Reference Certificate for user authentication, then the Client Reference Certificate
must be installed on the Security Server.
|