Skip to main content

Certificate Settings

The following table lists the Certificates controls and settings:

Generate Certificate Dialog

SettingDefaultDescription/Values
Certificate Namen/aType in a unique name under which the certificate will be stored on the Makito X as well as listed on the Certificate page.
SignSelf-signed

Select the Signature Type:

  • Self-signed: The certificate will be generated and signed by the system, and the name will be added to the list of Identity Certificates.
  • Certificate Signing Request (CSR): A request will be generated, and its name will be added to the list of Identity Certificates. A copy of the request is saved in the current administrator's home directory, or it can be copied and pasted into a new file in a text editor from the CSR view. In its generated form, this certificate is still a request and cannot be used as an Identity Certificate before it is signed by a CA, and imported back.
Subject

The Subject identifies the device being secured, in this case, the Makito X.

Entering the special value “auto” (or leaving the field blank) sets the Common Name to the device’s FQDN if DNS is set, or the IP address otherwise. The Subject Alternative Name extension is also set to the FQDN, hostname, and IP Address of the device (there is no other method to enter Subject Alternative Name values).

Type in the subject in the form: "/C=US/ST=Maine..." where the most common attributes are:

  • /C Two Letter Country Name
  • /ST State or Province Name
  • /L Locality Name
  • /O Organization Name
  • /OU Organizational Unit Name
  • /CN Common Name

Note that parameters with spaces should be enclosed in quotation marks.

Import Certificate Dialog

SettingDefaultDescription/Values
Certificate Namen/a

The Certificate Name is the name under which the certificate will be stored on the device.

  • If the certificate is a new certificate generated outside of the Makito X, the file should also contain the certificate Private Key, and its chosen name should be one that isn't already installed on the device.
  • If the certificate is a newly signed one that was sent as a certificate signing request and is returned by the CA, the certificate name should be the same as its CSR (Certificate Signing Request) counterpart in the list.
TypeIdentity (Identity Certificates)
----------------
root-CA (CA Certificates)

Select the type of the imported certificate:

  • Identity: If you are importing an identity certificate.
  • CA-Chain: If the import is a chain of certificate authorities leading to the root certificate authority. The imported CA-chain can contain one or more certificates linking its associated identity certificate to the root-CA and may or may not include the root-CA itself (that will only be trusted if imported as a root-CA).
  • root-CA: If you are importing a root-CA certificate. These certificates are the anchor of trust of the certificate authorities you decide to trust and are generally publicly available from the CA Web sites. They are used by the device when validating the chain of trust of an identity certificate and its CA-chain.

Note

Even though you can see the Type buttons, clicking Import in either the ID or CA sections may cause error messages to be displayed, i.e.:

  • If you select CA-root in the import from the ID.
  • If you select Identity or CA-chain in the import from the ca-root.
FormatAuto

Select the file format for the Certificate (the formats differ in the way the file is encrypted):

  • Auto: detected from the file extension
  • pem: Privacy Enhanced Mail Base64 encoded DER certificate
  • der: Distinguish Encoding Rules
  • pkcs #7
  • pkcs #12
  • pfx
Passwordn/a

If the imported certificate contains a password protected private key, type its password in this field.

Leave this field empty if the file is not password-protected.

Import Filen/aClick Choose File to select the file.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.