This submenu is displayed if, in the submenu Create with the setting Attributes Signature Certificate signing request has been selected, or if from one of the two main menus SSL and/or CA the process is continued via Continue certificate signing request....
Sections on this page:
In this section, the parameters entered previously under Issued to are displayed again. The following table therefore represents the maximum configuration.
Parameters |
Description |
|---|---|
Generally, this field contains the domain name via which the GINA portal can be reached, e.g. "securemail.mycompany.tld". If a wildcard certificate is also be requested, the domain name would be "*.mycompany.tld". With self-signed certificates, for instance "mycompany.local" could be displayed here. IP addresses, such as "10.0.0.10" should generally be avoided in this location. |
|
Generally, the email address of the applicant or the administrator of the certificate or their department is entered. |
|
Organisational unit, such as a department name, e.g. "Accounting" |
|
Specifies the organisation for which the certificate was issued, for example "Company" |
|
Location, for example a town like "Neuenhof" or also a partial building like "Plant2" |
|
Federal state, canton, province or similar, for example "AG" for "Aargau" |
|
Selecting the country via the drop-down menu |
The input field contains the CSR as it has to be transmitted to the certification authority. This is often done via a text input field on the CA's website.
If the certificate is returned by the certification authority after the CSR has been uploaded to the CA, it has to be imported.
(new in 14.0.0) The following formats can be imported: X.509 certificate as file or text, PKCS7 (p7b) as file or text.
Note for the text format:
The certificate starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
Under certain circumstances the certification authority may provide further certificates. These are intermediate certificates which must be copied into this field below the public key.
The input must be completed with an empty line!
|
All necessary intermediate certificates for a complete certificate chain should be inserted in this input field. An incomplete certificate chain always leads to problems during the certificate verification if the remote peer is not already aware of it. In the case of an SSL certificate with a missing chain, internet tools - such as CheckTLS - then display an incorrect TLS status. Not every certification authority automatically delivers the complete certificate chain. In this case, the required intermediate certificates may have to be obtained elsewhere. |
The Import Certificate button completes the process.
The button Cancel this certificate enrollment process cancels the process.
|
It is no longer possible to integrate the certificate matching the CSR after cancellation via Cancel this certificate enrollment process as the private key matching the CSR will be deleted! The appliance can be further configured by simply switching to another menu without aborting the process. |
