Certificate Tasks

Imported certificates should be in the PEM format.

When creating certificates, include all Subject Alternative Names to ensure there is no name mismatch.

Java client's downloading jar activity checks for the exact hostname match as provided in the download url.

Note: The button at the bottom of the screen will change from Export to Import to Generate, depending on which certificate option is selected.

• To export current certificate and private key:

1. Choose Administration > Security.
2. Click the Certificate tab.
3. Select Export current certificate and private key.
4. Click Export. The certificate appears in the Certificate panel and the private key appears in Private Key panel.
5. In each panel, select the text, and then press Ctrl+C to copy it. You can then paste the text wherever needed.

• To generate Certificate Signing Request, and import pasted certificate and private key:

The CSR will be submitted to the Certificate Server who will issue a signed certificate. A root certificate will also be exported from the Certificate Server and saved in a file. Once you receive the signed certificate from the certificate signing authority, you can import the signed certificate, root certificate, and private key.

1. Choose Administration > Security.
2. Click the Certificate tab.
3. Click Generate Certificate Signing Request, and then click Generate. The Generate Certificate Signing Request window opens.
4. Type the requested data into the fields.
   1. Encryption Mode: If Require AES Encryption between Client and Server is selected in the Administration > Security > Encryption screen, AES-128 is the default. If AES is not required, DES 3 is the default.
   2. Private Key Length: 2048 is the default.
   3. Validity Period (days): Maximum 4 numeric characters.
   4. Country Code: CSR tag is Country Name.
   5. State or Province: Maximum 128 characters. Type in the whole state or province name. Do not abbreviate.
   6. City/Locality: CSR tag is Locality Name. Maximum 128 characters.
   7. Registered Company Name: CSR tag is Organization Name. Maximum 64 characters.
   8. Division/Department Name: CSR tag is Organization Unit Name. Maximum 64 characters.
   9. Fully Qualified Domain Name: CSR tag is Common Name.
   10. Administrator Email Address: Type in the email address of the administrator who is responsible for the certificate request. Maximum 256 characters.
   11. Challenge Password: Maximum 64 characters.
5. Click OK to generate the CSR. The CSR and Private Key appear in the corresponding fields of the Certificate screen.
6. Select the text in the Certificate Request box, and then press Ctrl+C to copy it. Using an ASCII editor such as Notepad, paste the CSR into a file and save it with a .cer extension.
7. Select the text in the Private Key box, and then press Ctrl+C to copy it. Using an ASCII editor such as Notepad, paste the Private Key into a file and save it with a .txt extension.
8. Submit the .cer file to the Certificate Server to obtain a signed certificate.
9. Download or export the root certificate from the Certificate Server and save it to a file with a .cer extension. This is a different certificate from the signed certificate that will be issued by the Certificate Server in the next step.
10. Click Browse next to CA file and select the root certificate file.
11. Once you receive the signed certificate from the Certificate Server, select Import pasted certificate and private key.
12. Copy the text of the signed certificate, and then press Ctrl+V to paste it into the Certificate box.
13. Copy the text of the Private Key previously saved as a .txt file, and then press Ctrl+V to paste it into the Private Key box.
14. Type raritan in the Password field if the CSR was generated by CC-SG. If a different application generated the CSR, use the password for that application.

Note: If the imported certificate is signed by a root and subroot CA (certificate authority), using only a root or subroot certificate will fail. To resolve this, copy and paste both root and subroot certificate into one file, and then import it.

• To generate self signed certificate request:

1. Choose Administration > Security.
2. Click the Certificate tab.
3. Select Generate Self Signed Certificate, and then click Generate. The Generate Self Signed Certificate window opens.
4. Type the requested data into the fields.
   1. Encryption Mode: If Require AES Encryption between Client and Server is selected in the Administration > Security > Encryption screen, AES-128 is the default. If AES is not required, DES 3 is the default.
   2. Private Key Length: 2048 is the default.
   3. Validity Period (days): Maximum 4 numeric characters.
   4. Country Code: CSR tag is Country Name.
   5. State or Province: Maximum 128 characters. Type in the whole state or province name. Do not abbreviate.
   6. City/Locality: CSR tag is Locality Name. Maximum 128 characters.
   7. Registered Company Name: CSR tag is Organization Name. Maximum 64 characters.
   8. Division/Department Name: CSR tag is Organization Unit Name. Maximum 64 characters.
   9. Fully Qualified Domain Name: CSR tag is Common Name.
   10. Administrator Email Address: Type in the email address of the administrator who is responsible for the certificate request. Maximum 256 characters.
   11. Challenge Password: Maximum 64 characters.
5. Click OK to generate the certificate. The Certificate and Private Key appear encrypted in the corresponding fields of the Certificate screen.