Generating self-signed server certificates
Self-signed server certificates are not signed by a certificate authority (CA). Server certificates serve two purposes: to identify the server to the client and to provide the server public key to the client for the remainder of the SSL handshake and key exchange.
In cases where authenticating the server to the client is not important, self-signed certificates can be used. The Security Server ships with a self-signed certificate; however, a company may want to create its own self-signed certificate, which the client can view when it is presented.
1. On the menu bar, click Certificates > Generate to display the Generate New Certificate or Request window.
2. Select the following radio buttons:
•  Server Certificate
•  Both
•  Key Size (a key size greater than 512 bits is recommended)
3. Type the Certificate Name. It must be 8 characters or fewer, containing numbers, letters, or underscores. It is used to create the certificate and private key file names.
4. Type the Challenge Password. It must be at least four characters, containing numbers, letters, or underscores. It is used to protect the private key file from unauthorized use.
5. Type the Common Name. This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters.
6. Type the Email Address. This is used when generating Client Certificates or Client Certificate Requests and can be left blank for Server or Signing Certificates.
7. Type the Organization Name. This specifies the Organization Name portion of the Distinguished Name field.
8. Type the Organization Unit. This specifies the Organization Unit portion of the Distinguished Name field.
9. Type the Locality or City. This specifies the Locality portion of the Distinguished Name field.
10. Type the State or Province. This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the full state name.
11. Type the Country Code. This specifies the Country Code portion of the Distinguished Name field.
12. Type the Validity Period. This field is set by the CA and is not part of the Certificate Request.
13. Click Generate to generate the certificate and key files.
The Certificate Request Complete window appears, indicating the name and location of the Certificate Request and Private Key File.
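The same kind of certificate can be built and inspected with the OpenSSL command line, shown here as an added example (not the Security Server's own tooling): each form field from the steps above maps to one Distinguished Name attribute, and the check confirms the result is self-signed because subject and issuer are identical. All field values, the 2048-bit key size, the 365-day validity and the output file extensions are constructed assumptions.

```shell
#!/bin/sh
# Added example: every value below is a constructed placeholder.
CERT_NAME="srvcert1"        # step 3: Certificate Name, used for the file names
CHALLENGE="Ex4mple_pw"      # step 4: Challenge Password protecting the key file
KEY_BITS=2048               # step 2: Key Size (assumed value)
DAYS=365                    # step 12: Validity Period (assumed value)
# Steps 5-11: Common Name, Email Address (left out for a server certificate),
# Organization, Organization Unit, Locality, State, Country Code.
SUBJ="/C=US/ST=Example State/L=Example City/O=Example Org/OU=Example Unit/CN=server.example.test"

make_self_signed() {
    # $1 = output directory. Writes an encrypted private key and the certificate.
    # The password is passed through the environment, not the argument list,
    # so it does not show up in the process table.
    CHALLENGE="$CHALLENGE" openssl req -x509 -newkey "rsa:${KEY_BITS}" -sha256 \
        -days "$DAYS" -subj "$SUBJ" -passout env:CHALLENGE \
        -keyout "$1/${CERT_NAME}.key" -out "$1/${CERT_NAME}.crt" 2>/dev/null
}

key_is_encrypted() {
    # $1 = private key file. True when the PEM is passphrase-protected.
    grep -q "ENCRYPTED" "$1"
}

is_self_signed() {
    # $1 = certificate file. True when subject and issuer are identical and
    # the signature verifies under the certificate's own public key.
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ "$subject" = "$issuer" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demonstration run in a throwaway directory.
demo_dir=$(mktemp -d)
if make_self_signed "$demo_dir" && is_self_signed "$demo_dir/${CERT_NAME}.crt"; then
    echo "self-signed certificate: subject and issuer match"
    openssl x509 -in "$demo_dir/${CERT_NAME}.crt" -noout -subject -dates
fi
rm -rf "$demo_dir"
```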