Certificate Settings

Generate Certificate or Private Key

Setting	Default	Description/Values
Certificate Name	n/a	Type in a unique name under which the certificate will be stored on Kraken as well as listed on the Certificate page.
Type	Certificate Signing Request	Select the Signature Type: Self-signed: The certificate will be generated and signed by the system, and the name will be added to the list of Identity Certificates. Certificate Signing Request (CSR): A request will be generated, and its name will be added to the list of Identity Certificates. A copy of the request is saved in the current administrator's home directory, or it can be copied and pasted into a new file in a text editor from the CSR view. In its generated form, this certificate is still a request and cannot be used as an Identity Certificate before it is signed by a CA, and imported back.
Create New Private Key	Disabled	(Type must be Self-Signed) Check this checkbox to create a new private key. Tip Generating a new private key will overwrite the current private key.
Digest Algorithm	SHA-256	Select the digest algorithm (Secure Hash Algorithm): SHA-256 SHA-384 SHA-512
Subject		The Subject identifies the device being secured, in this case, Kraken. Entering the special value “auto” (or leaving the field blank) sets the Common Name to the device’s FQDN if DNS is set, or the IP address otherwise. The Subject Alternative Name extension is also set to the FQDN, hostname, and IP Address of the device (there is no other method to enter Subject Alternative Name values). Type in the subject in the form: `"/C=US/ST=Maine..."` where the most common attributes are: /C Two Letter Country Name /ST State or Province Name /L Locality Name /O Organization Name /OU Organizational Unit Name /CN Common Name Note that parameters with spaces should be enclosed in quotation marks.
V3 Extension		(Type must be CSR) V3 extensions allow more configuration options to be inserted in the Code Signing Request, such as alternative subject names and usage restrictions to certificates. To add one or more Subject Alternative Names, enter the same information that would go in the extensions section of an OpenSSL configuration file. For example: CODE `[ req ] req_extensions = v3_req [ v3_req ] # Extensions to add to a certificate request subjectAltName = @alt_names [ alt_names ] DNS.1 = server1.example.com DNS.2 = mail.example.com DNS.3 = www.example.com DNS.4 = www.sub.example.com DNS.5 = mx.example.com DNS.6 = support.example.com`

Import Certificate or Private Key

Setting	Default	Description/Values
Type	Certificates (Identity /CA-chains/Bundles)	Select the type of the imported certificate: Certificates (Identity/CA-chains/Bundles): If you are importing an identity certificate. Private Key + Certificate Pair
Name	n/a	The Certificate Name is the name under which the certificate will be stored on the device. If the certificate is a new certificate generated outside of the Kraken, the file should also contain the certificate Private Key, and its chosen name should be one that isn't already installed on the device. If the certificate is a newly signed one that was sent as a certificate signing request and is returned by the CA, the certificate name should be the same as its CSR (Certificate Signing Request) counterpart in the list.
Format	Auto	Select the file format for the Certificate (the formats differ in the way the file is encrypted): Auto: detected from the file extension DER: Distinguish Encoding Rules PKCS #7 PKCS #12
Password	n/a	If the imported certificate contains a password-protected private key, type its password in this field. Leave this field empty if the file is not password-protected.
Certificate File	n/a	Drag a certificate file to the drop area or click Browse to select a certificate file to import.

Related Topics