Generating client certificates
Client certificates are used to authenticate clients to the server. To generate a Client Certificate with the Security Server, a valid Signing Certificate must be generated and installed with a validity period greater than that to be specified for the Client Certificates.
Refer to Generating self-signed signing certificates for more information.
1. Click Certificates Generate to display the Generate New Certificate or Request window.
2. Select the Client Certificate radio button, the Both radio button, and the appropriate Key Size radio button. A key size of at least 1024-Bit is recommended.
3. Type the Certificate Name. It must be 8 characters or fewer containing numbers, letters, or underscores. It is used to create the certificate and private key file names.
4. Type the Challenge Password. It must be at least four characters containing number, letters, or underscores. It is used to protect the private key file from unauthorized use.
5. Type the Common Name. This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters.
6. Type the Email Address. This is used when generating Client Certificates or Client Certificate Requests and can be left blank for Server or Signing Certificates.
7. Type the Organization Name. This specifies the Organization Name portion of the Distinguished Name field.
8. Type the Organization Unit. This specifies the Organization Unit portion of the Distinguished Name field.
9. Type the Locality or City. This specifies the Locality portion of the Distinguished Name field.
10. Type the State or Province. This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the full state name.
11. Type the Country Code. This specifies the Country Code portion of the Distinguished Name field.
12. Type the Validity Period. This field is set by the CA and is not part of the Certificate Request.
13. Click Generate to generate the certificate and key files.
The Certificate Request Complete window appears indicating the name and location of the various files that were created by the process. The Certificate Name that was used during the Certificate generation process, is used as the file name. The files are placed in the following location:
C:\Program Files\BlueZone Security Server\Certs\New
14. To use the Certificate, the appropriate files must be installed in the client program (i.e. BlueZone) before they can be used for authentication to the Security Server.
Refer to Use client certificates for user authentication for additional information.
15. If the Client Certificate is to be matched to a Reference Certificate for user authentication, then the Client Reference Certificate must be installed on the Security Server.
Refer to Installing client reference certificates for additional information.
Related Links
Digital certificates (Parent Topic)