Use a CA client to create a personal certificate to be used as the default personal certificate


Overview

An external certificate authority (CA) certificate can be used as the server default personal certificate. The CA certificate can be created using a CA client.

We need...


Procedure

  1. Click...

    Security | SSL certificate and key management | Related Items | Certificate Authority (CA) client configurations | New

  2. Enter the CA client information as required.

    • Name of the CA client.
    • The management scope (selected from the drop-down list).
    • Implementation class.
    • CA server host name.
    • User name.
    • Confirmation of the password.
    • Number of times to poll.
    • Polling interval (in minutes) when requesting certificates.
    • Custom properties.

  3. Click Apply then Save.

  4. Navigate to the Server default key store personal certificate...

    Security | SSL configuration and certificate management | Key stores and certificates | server_default_keystore | Additional properties | Personal certificates | Create button | CA-signed certificate

  5. Fill in the following information in the CA certificate section.

    • Revocation password

    • Confirm password.

    • Select the CA client that applies to this CA certificate.

      We can create a new CA client to apply to this CA authority by clicking the New button.

    • Fill in the following information in the Request Specification section:

      • Select the radio button for Predefined request alias if we have a predefined alias.

      • If we do not have a predefined alias, fill in the following fields:

        • Alias name in the Alias field to identify the certificate request in the keystore.
        • Common name (CN) value. This value is the CN value in the certificate distinguished name (DN).
        • Optional: Organization value. This value is the O value in the certificate DN.
        • Optional: Key size value. The default key size value is 1024 bits.
        • Locality
        • Optional: State or Province value. This value is the ST value in the certificate DN.
        • Optional: Zip code value. The zip code value is the POSTALCODE value in the certificate DN.
        • Optional: Country or region value from the list. This country value is the C= value in the certificate request DN.
        • Validity period

  6. Click Apply then Save.

  7. Navigate to the Server Default Key store’s personal certificates...

    Security | SSL configuration and certificate management | Key stores and certificates | server_default_keystore | Additional properties | Personal certificates

  8. Select the server default personal certificate and click the Replace button.

  9. Select the CA certificate alias from the list of aliases.

  10. Click Apply then Save.

 

Results

The CA certificate alias replaces the alias of the default certificate in places where it is referenced in the configuration. All signer certificates from the default certificate are replaced with the signer certificate from the CA certificate.
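
The same procedure expressed as scripted calls, as an added example that is not part of the original page or the vendor's code. It assumes the console is WebSphere Application Server with wsadmin available, and that the AdminTask commands and parameter names shown exist on your release (confirm with AdminTask.help). Every value in SAMPLE_CFG is a constructed placeholder, and the 2048-bit floor is this example's own policy.

```python
# Added example, not IBM's code: steps 1-10 as wsadmin (-lang jython) calls.
# AdminTask parameter names are assumptions; confirm with AdminTask.help('<command>').
import re

MIN_KEY_BITS = 2048  # this example's own floor; the page gives 1024 as the default
SAMPLE_CFG = {  # constructed placeholder values
    'scope': '(cell):exampleCell:(node):exampleNode', 'keyStore': 'server_default_keystore',
    'caClient': 'exampleCAClient', 'implClass': 'com.example.pki.ExamplePKIClient',
    'caHost': 'ca.example.com', 'caUser': 'requester', 'caPassword': 'CHANGE ME',
    'pollCount': 5, 'pollMinutes': 10, 'keySize': 2048, 'cn': 'appserver.example.com',
    'alias': 'caSigned', 'oldAlias': 'default', 'csrPath': '/tmp/caSigned.csr',
    'revocationPassword': 'CHANGE-ME-TOO'}

def opts(pairs):  # render (name, value) pairs as one option string
    out = []
    for name, value in pairs:
        value = str(value)
        if ' ' in value:  # quote values that contain spaces
            value = '"%s"' % value
        out.append('-%s %s' % (name, value))
    return '[' + ' '.join(out) + ']'

def redact(options):  # mask password values so the option string can be logged
    return re.sub(r'(-\w*[Pp]assword) ("[^"]*"|[^\s\]]+)', r'\1 ****', options)

def build_steps(cfg):  # ordered (command, options) pairs for the whole procedure
    if int(cfg['keySize']) < MIN_KEY_BITS:
        raise ValueError('key size below %d bits' % MIN_KEY_BITS)
    ks = [('keyStoreName', cfg['keyStore']), ('keyStoreScope', cfg['scope'])]
    return [
        ('createCAClient', opts([  # steps 1-3: the CA client fields
            ('caClientName', cfg['caClient']), ('scopeName', cfg['scope']),
            ('pkiClientImplClass', cfg['implClass']), ('host', cfg['caHost']),
            ('userName', cfg['caUser']), ('password', cfg['caPassword']),
            ('retryCheck', cfg['pollCount']), ('frequencyCheck', cfg['pollMinutes'])])),
        ('createCertificateRequest', opts(ks + [  # step 5: request specification
            ('certificateAlias', cfg['alias']), ('certificateVersion', 3),
            ('certificateSize', cfg['keySize']), ('certificateCommonName', cfg['cn']),
            ('certificateRequestFilePath', cfg['csrPath'])])),
        ('requestCACertificate', opts(ks + [  # steps 4-6: CA-signed certificate
            ('certificateAlias', cfg['alias']), ('caClientName', cfg['caClient']),
            ('caClientScope', cfg['scope']), ('revocationPassword', cfg['revocationPassword'])])),
        ('replaceCertificate', opts(ks + [  # steps 7-10: replace the default
            ('certificateAlias', cfg['oldAlias']), ('replacementCertificateAlias', cfg['alias'])]))]

def apply_steps(admin_task, admin_config, steps):  # run inside wsadmin
    for command, options in steps:
        print('%s %s' % (command, redact(options)))
        getattr(admin_task, command)(options)
    admin_config.save()
```

Inside wsadmin, call `apply_steps(AdminTask, AdminConfig, build_steps(cfg))` with a `cfg` whose passwords are read from a protected source rather than stored in the script.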

 

Related tasks


Create a CA certificate in SSL
Create a CA client in SSL
Create an SSL configuration