Certificate Settings

The following tables list the configurable EMS Certificate settings.

Note

Please contact your Network Administrator if you are unsure what to put in any of these fields or if you are unsure whether the setting is required on your network.

Generate Certificate or Private Key

Setting	Description
Name	Type in a unique name under which the certificate will be stored in EMS as well as listed on the Certificate pane
Type	Select the Signature Type: Self-signed: The certificate will be generated and signed by the system, and the name will be added to the list of Identity Certificates. Certificate Signing Request: A request will be generated, and its name will be added to the list of Identity Certificates. The request will be located in your home directory (accessible through the CLI), or you may export it by clicking on the View button and copying the content into a new file in a text editor. In its generated form, this certificate is still a request and cannot be used as an Identity Certificate before it is signed by a CA, and imported back.
Digest Algorithm	Select the digest algorithm (Secure Hash Algorithm): SHA-256 SHA-384 SHA-512
Subject	The Subject identifies the device being secured, in this case, EMS. Clicking the icon opens a dialog to assist in properly formatting the subject. Type in the subject in the form: "/C=…/ST=…/L=…/O=…/OU=…/CN=…" where the most common attributes are: /C Two Letter Country Name /ST State or Province Name /L Locality Name /O Organization Name /OU Organizational Unit Name /CN Common Name Tip For successful authentication, the Common Name in the certificate should be the IP address (by default) or domain name of the device.
V3 Extension	V3 extensions allow more configuration options to be inserted in the Code Signing Request, such as alternative subject names and usage restrictions to certificates. To add one or more Subject Alternative Names, enter the same information that would go in the extensions section of an OpenSSL configuration file. For example: TEXT `[ req ] req_extensions = v3_req [ v3_req ] # Extensions to add to a certificate request subjectAltName = @alt_names [ alt_names ] DNS.1 = server1.example.com DNS.2 = mail.example.com DNS.3 = www.example.com DNS.4 = www.sub.example.com DNS.5 = mx.example.com DNS.6 = support.example.com`

Import Certificate or Private Key

Setting	Description
Type	Select the certificate Type: Certificates: (Identify/CA-chains/Bundles) Private Key + Certificate Pair
Name	(Certificates only) Name of the certificate.
Format	(Certificates only) Select the file format for the Certificate (the formats differ in the way the file is encrypted): Auto: detected from the file extension DER: Distinguish Encoding Rules PKCS #7 PKCS #12
Password	If the imported certificate contains a password protected private key, type its password in this field. Leave this field empty if the file is not password-protected.
Certificate File	Select the file to upload.
Private Key	(Private Key + Certificate Pair only) Select the file to upload.
Bundle File	(Private Key + Certificate Pair only) Select the file to upload.