Create a chained personal certificate in SSL
A chained personal certificate is a personal certificate that is signed by another personal certificate. Chaining allows a certificate to be signed by a root certificate that has a long life span. Root certificates are stored in the DmgrDefaultRootStore or NodeDefaultRootStore. The server's default personal certificate is a chained certificate created when the profile is created. Chained certificates can also be created after profile creation.
We use the administrative console to create a chained personal certificate.
Tasks
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click the <keystore name> to which we want to add the chained personal certificate.
- Under Additional Properties, click Personal certificates.
- Click the Create button and select Chained Certificate. The listCertificates AdminTask can be used to generate the list of root certificates available to sign the certificate.
- Fill in the General Properties section as follows:
  - Supply an alias name.
  - Select the root certificate from the pull-down list.
  - Key size
  - Common name
  - Validity period
  - Organization
  - Organization Unit
  - Locality
  - State/Province
  - Zip code
  - Country or region
- Click Apply then OK.
The certificate is created, signed by the root certificate specified, and stored in the keystore. Once a chained personal certificate is created, the certificate can be used by the runtime for SSL communication.
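The same steps can be scripted through wsadmin instead of the console. The following is an added example, not IBM's code: it assumes the createChainedCertificate command of the PersonalCertificateCommands group and its parameter names, and the helper name, keystore name, aliases, and subject values are constructed placeholders.

```python
# Added example, not IBM's code. Run: wsadmin -lang jython -f chained_cert.py
# Maps the console's General Properties fields to createChainedCertificate
# parameters, in the order the console lists them.
FIELD_TO_PARAM = [
    ("alias", "-certificateAlias"),
    ("root_alias", "-rootCertificateAlias"),
    ("key_size", "-certificateSize"),
    ("common_name", "-certificateCommonName"),
    ("valid_days", "-certificateValidDays"),
    ("organization", "-certificateOrganization"),
    ("org_unit", "-certificateOrganizationalUnit"),
    ("locality", "-certificateLocality"),
    ("state", "-certificateState"),
    ("zip_code", "-certificateZip"),
    ("country", "-certificateCountry"),
]

def chained_cert_args(keystore, fields, scope=None):
    """Build the AdminTask argument list for one chained certificate."""
    known = [name for name, _ in FIELD_TO_PARAM]
    unknown = [k for k in fields.keys() if k not in known]
    if unknown:
        raise ValueError("unknown field(s): " + ", ".join(unknown))
    for required in ("alias", "common_name"):  # this helper's own rule
        if not fields.get(required):
            raise ValueError("missing field: " + required)
    args = ["-keyStoreName", keystore]
    if scope:  # e.g. "(cell):myCell:(node):myNode"
        args += ["-keyStoreScope", scope]
    for name, param in FIELD_TO_PARAM:
        if fields.get(name) is not None:
            args += [param, str(fields[name])]
    return args

# Constructed sample values; replace with your own keystore and subject.
SAMPLE = {"alias": "appServerCert", "root_alias": "root", "key_size": 2048,
          "common_name": "app1.example.com", "valid_days": 365,
          "organization": "Example Org", "country": "US"}

try:
    AdminTask  # defined only inside wsadmin
except NameError:
    AdminTask = None

if AdminTask is not None:
    AdminTask.createChainedCertificate(
        chained_cert_args("NodeDefaultKeyStore", SAMPLE))
    AdminConfig.save()  # persist the keystore change to the configuration
```

Passing the arguments as a list rather than a single bracketed string avoids quoting problems for values that contain spaces, such as the organization name.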
Related topics:
- Create a Secure Sockets Layer configuration
- PersonalCertificateCommands