Skip to main content

Certificate Settings

The following tables list the configurable EMS Certificate settings.


Please contact your Network Administrator if you are unsure what to put in any of these fields or if you are unsure whether the setting is required on your network.

Generate Certificate or Private Key
NameType in a unique name under which the certificate will be stored in EMS as well as listed on the Certificate pane

Select the Signature Type:

  • Self-signed: The certificate will be generated and signed by the system, and the name will be added to the list of Identity Certificates.
  • Certificate Signing Request: A request will be generated, and its name will be added to the list of Identity Certificates. The request will be located in your home directory (accessible through the CLI), or you may export it by clicking on the View button and copying the content into a new file in a text editor. In its generated form, this certificate is still a request and cannot be used as an Identity Certificate before it is signed by a CA, and imported back.
Digest Algorithm

Select the digest algorithm (Secure Hash Algorithm):

  • SHA-256
  • SHA-384
  • SHA-512

The Subject identifies the device being secured, in this case, EMS. Clicking the 

 icon opens a dialog to assist in properly formatting the subject. Type in the subject in the form: "/C=…/ST=…/L=…/O=…/OU=…/CN=…" where the most common attributes are:

  • /C Two Letter Country Name
  • /ST State or Province Name
  • /L Locality Name
  • /O Organization Name
  • /OU Organizational Unit Name
  • /CN Common Name


For successful authentication, the Common Name in the certificate should be the IP address (by default) or domain name of the device.

V3 Extension

V3 extensions allow more configuration options to be inserted in the Code Signing Request, such as alternative subject names and usage restrictions to certificates.

To add one or more Subject Alternative Names, enter the same information that would go in the extensions section of an OpenSSL configuration file. For example:

[ req ]
req_extensions = v3_req
[ v3_req ]
# Extensions to add to a certificate request
subjectAltName = @alt_names
[ alt_names ]
DNS.1 =
DNS.2 =
DNS.3 =
DNS.4 =
DNS.5 =
DNS.6 =
Import Certificate or Private Key

Select the certificate Type:

  • Certificates: (Identify/CA-chains/Bundles)
  • Private Key + Certificate Pair
Name(Certificates only) Name of the certificate.

(Certificates only) Select the file format for the Certificate (the formats differ in the way the file is encrypted):

  • Auto: detected from the file extension
  • DER: Distinguish Encoding Rules
  • PKCS #7
  • PKCS #12
PasswordIf the imported certificate contains a password protected private key, type its password in this field. Leave this field empty if the file is not password-protected.
Certificate File

Select the file to upload.

Private Key(Private Key + Certificate Pair only) Select the file to upload.
Bundle File(Private Key + Certificate Pair only) Select the file to upload.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.