Skip to main content

Certificate Settings

Generate Certificate or Private Key

Certificate Namen/aType in a unique name under which the certificate will be stored on Kraken as well as listed on the Certificate page.
TypeCertificate Signing Request

Select the Signature Type:

  • Self-signed: The certificate will be generated and signed by the system, and the name will be added to the list of Identity Certificates.
  • Certificate Signing Request (CSR): A request will be generated, and its name will be added to the list of Identity Certificates. A copy of the request is saved in the current administrator's home directory, or it can be copied and pasted into a new file in a text editor from the CSR view. In its generated form, this certificate is still a request and cannot be used as an Identity Certificate before it is signed by a CA, and imported back.
Create New Private KeyDisabled

(Type must be Self-Signed) Check this checkbox to create a new private key.


Generating a new private key will overwrite the current private key.

Digest AlgorithmSHA-256

Select the digest algorithm (Secure Hash Algorithm): 

  • SHA-256
  • SHA-384
  • SHA-512

The Subject identifies the device being secured, in this case, Kraken.

Entering the special value “auto” (or leaving the field blank) sets the Common Name to the device’s FQDN if DNS is set, or the IP address otherwise. The Subject Alternative Name extension is also set to the FQDN, hostname, and IP Address of the device (there is no other method to enter Subject Alternative Name values).

Type in the subject in the form: "/C=US/ST=Maine..." where the most common attributes are:

  • /C Two Letter Country Name
  • /ST State or Province Name
  • /L Locality Name
  • /O Organization Name
  • /OU Organizational Unit Name
  • /CN Common Name

Note that parameters with spaces should be enclosed in quotation marks.

V3 Extension

(Type must be CSR) V3 extensions allow more configuration options to be inserted in the Code Signing Request, such as alternative subject names and usage restrictions to certificates.

To add one or more Subject Alternative Names, enter the same information that would go in the extensions section of an OpenSSL configuration file. For example:

[ req ]
req_extensions = v3_req
[ v3_req ]
# Extensions to add to a certificate request
subjectAltName = @alt_names
[ alt_names ]
DNS.1 =
DNS.2 =
DNS.3 =
DNS.4 =
DNS.5 =
DNS.6 =

Import Certificate or Private Key

  • Certificates (Identity /CA-chains/Bundles)

Select the type of the imported certificate:

  • Certificates (Identity/CA-chains/Bundles): If you are importing an identity certificate. 
  • Private Key + Certificate Pair

The Certificate Name is the name under which the certificate will be stored on the device.

  • If the certificate is a new certificate generated outside of the Kraken, the file should also contain the certificate Private Key, and its chosen name should be one that isn't already installed on the device.
  • If the certificate is a newly signed one that was sent as a certificate signing request and is returned by the CA, the certificate name should be the same as its CSR (Certificate Signing Request) counterpart in the list.

Select the file format for the Certificate (the formats differ in the way the file is encrypted):

  • Auto: detected from the file extension
  • DER: Distinguish Encoding Rules
  • PKCS #7
  • PKCS #12

If the imported certificate contains a password-protected private key, type its password in this field.

Leave this field empty if the file is not password-protected.

Certificate Filen/a

Drag a certificate file to the drop area or click  Choose a file  to select a certificate file to import.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.