|
Certificate Enrollment Wizard
The Certificate Enrollment wizard is used to enroll
certificates which means requesting a certification authority (CA) to
issue a certificate. Start the wizard by clicking the Enroll
button on the Certificates page of the Settings
dialog.
Using certificate enrollment wizard requires that the CA software supports
Certificate Management Protocol version 2 (CMPv2).
Certificate Enrollment - Start
The first page of the Certificate Enrollment wizard displays
information on the enrollment process. The enrollment process will
create a key pair, consisting of a public and a private key.
Figure : The start of the enrollment process
Click Next to continue the process.
Certificate Enrollment - Identity
On the Identity page, enter the parameters of the certificate
to be issued. You can suggest a Common Name (e.g. John Smith),
Organization Unit (Marketing), Organization (SSH
Communications Security), Country (USA) and E-mail Address
(john.smith@ssh.com).
Figure : Type the parameters of the certificate
The certification authority can change these fields before issuing the
certificate. The certificate validity period and other parameters are
determined by the configuration of the CA software.
Please note that certificate enrollment requiring manual acceptance in the
CA software is not supported. You may be able to compensate for this with
PKCS #12 file importing.
Click Next to launch the Key Generation wizard. For
more information on the key generation process, see Section Key Generation Wizard.
Certificate Enrollment - Firewall
On the Proxy page, you can define the firewall and proxy
settings. If your local setup does not require these to be defined, the
fields can be left empty.
Figure : If firewall settings are not required, leave the fields empty
Click Next to continue.
Certificate Enrollment - CA
On the CA page, you can define the certification authority (CA) settings.
Figure : Defining the Certificate Authentication settings
On the CA page, fill in the following fields:
- CMP Service URL
Type in the address of the server that provides the Certificate
Management Protocol (CMP) service.
- Discover
Click Discover to attempt automatic detection of available
certification authority services and CA certificates. The found CA
services will be listed in the text field and can be selected from the
drop-down menu.
Please note that not all systems support the automatic detection functionality.
- CA Certificate
This drop-down menu will show the CA certificates that were
found on the selected CMP service. Select a CA certificate from the
list.
Alternatively, you can directly type in the file name of the
certificate, or select the file by clicking the button on the right-hand
side of the file name field. The Select CA Certificate
dialog opens, allowing you to locate the certificate file.
- View
Click the View button to display the contents of the current certificate.
- Retrieve CA Certificates from CA URL
Select the desired CA URL from the drop-down list and click
Retrieve CA Certificates from CA URL to retrieve the CA
certificates from the selected CA address.
- Reference Number
Type in the reference number.
- Key
Type in the key information.
Click Next to continue.
Certificate Enrollment - Enrollment
The actual enrollment takes place on the Enrollment page. This
may take some time, and the exact duration depends on the amount of network
traffic among other factors.
When the process has finished, click Finish to continue.
[Contents]
[Index]
[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice
|
