This submenu is called up from SSL and/or CA.
At this point, a self-signed certificate (usually only for test purposes) or a certificate signing request (CSR) can be created.
If a CSR is created, the key pair is generated on the appliance, and only the public key is written to a csr file, which is submitted to a certification authority, signed and returned as a certificate.
If the top of the status bar of the menu displays the message "Remember to import the signed certificate" in yellow, a certificate request has already been made.
The newly created certificate should be added in the following order, together with any intermediate certificates required to chain up to the root certification authority (root CA):
1. Public key of own certificate
2. Public key of the intermediate certificate(s)

The root certificate of the root certification authority must not be added.
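The import order described above can be checked before pasting a PEM bundle into the appliance. The following is an added example, not code from the appliance or its vendor: the function names are hypothetical, the sample certificates are constructed unsigned skeletons, and the check compares issuer and subject names only (it does not verify signatures and treats any self-issued certificate as a root).

```python
import base64
import re

def _tlv(buf, pos):  # read one DER element: (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)  # TBSCertificate SEQUENCE
    fields = []                 # serial, signature alg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:         # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_import_order(bundle):
    """Return a list of problems; an empty list means the order is correct."""
    pems = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", bundle, re.S)
    certs = [issuer_and_subject(base64.b64decode(p)) for p in pems]
    problems = [] if certs else ["no certificates found"]
    for i, (issuer, subject) in enumerate(certs):
        if issuer == subject:   # assumption: self-issued means root CA
            problems.append(f"certificate {i + 1} is a root certificate and must not be added")
        elif i + 1 < len(certs) and certs[i + 1][1] != issuer:
            problems.append(f"certificate {i + 2} did not issue certificate {i + 1}")
    return problems

def _der(tag, body):  # sample builder only; short-form lengths (< 128 bytes)
    return bytes([tag, len(body)]) + body

def _sample_cert(subject, issuer):  # constructed, unsigned skeleton; hypothetical names
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + name(issuer) + _der(0x30, b"") + name(subject) + _der(0x30, b""))
    body = base64.encodebytes(_der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

LEAF = _sample_cert("mycompany.tld", "Example Issuing CA")
INTERMEDIATE = _sample_cert("Example Issuing CA", "Example Root CA")
ROOT = _sample_cert("Example Root CA", "Example Root CA")

print(check_import_order(LEAF + INTERMEDIATE + ROOT) or "OK")
```

To check a real bundle, pass the text of the PEM file received from the CA to `check_import_order`.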
In this section, the certificate requester enters the relevant information. The parameters marked with * are mandatory.
Parameters |
Description |
---|---|
Generally, this field contains the domain name via which the GINA portal can be reached, e.g. "mycompany.tld.tld". If a wildcard certificate is to be requested, the domain name would be "*.mycompany.tld". With self-signed certificates, a name such as "mycompany.local" could be entered here. IP addresses, such as "10.0.0.10", should generally be avoided in this field. |
|
Generally, the email address of the applicant or the administrator of the certificate or their department is entered. |
|
Organisational unit, such as a department name, e.g. "Accounting" |
|
Specifies the organisation for which the certificate was issued, for example "Company" |
|
Location, for example a town such as "Neuenhof" or a part of a site such as "Plant2" |
|
Federal state, canton, province or similar, for example "AG" for "Aargau" |
|
Selection of the country via the selection menu |
|
(Names or IPs separated by whitespaces) (only available when opening from SSL) |
Here, additional names (see Name or IP (CN)) can be entered to generate certificates for multi-domain and/or SAN (subject alternative names) certificates. |
Parameters |
Description |
|||
---|---|---|---|---|
The selection menu can be used to set what is to be generated.
|
||||
|
Default setting. This option is used to generate a key pair on the appliance. In the subsequent menu the public key is displayed as CSR for forwarding to the CA. The sensitive private key does not leave the appliance! |
|||
This option generates a self-signed certificate which is immediately implemented. |
||||
(only available when opening from SSL) |
If the local CA is set up, this option can be used to issue an SSL certificate signed by this CA. |
|||
The desired key length for the requested certificate can be set via the selection menu. |
||||
Key lengths of 1024 bit no longer comply with the security standard and should therefore no longer be used. |
||||
Default setting. Current standard. |
||||
In order to avoid any additional effort in case of an increase in the generally valid standard and to comply with the already generally supported maximum security standard, we recommend setting the key length to 4096 bit. |
||||
Desired validity period of the certificate to be created, in days. By default, this is set to 398. This value may be ignored by the signing CA and replaced by the CA's own standard.
The Create button at the bottom of the menu starts the action selected under Signature.