Certificate Management

Next: WebMail Configuration Up: Virtual Host Management Previous: Directory Indexing Contents Index

Certificate Management

There are two types of certificates: "self-signed" certificates and "signed" certificates. A "signed" certificate is issued by a Certificate Authority (CA) such as Verisign or Thawte. A "self-signed" certificate is simply a certificate that has not been issued by a CA. This provides the authentication part of the process, because the certificate has been signed by an external authority.

All of the certificate management can be done in the WebTool. You should not do any of this by hand unless you have a very good idea of what you're doing, since if it is done incorrectly it will cause the Web server to fail. As was said above, the certificate and key are a pair. If for some reason the certificate and key that are in place do not "match" each other then the Web server will fail to start. If the Web server fails to start then all of the other sites on the machine are inaccessible.

$\includegraphics[]{images/CM-Main.eps}$

The Certificate Management section will allow you to configure your SSL certificate. This option will only be available if the virtual host you are editing has SSL enabled. Once at this menu you will be presented with three options which are each discussed below.

Generate Certificate and Key

$\resizebox*{4.4in}{!}{\includegraphics{images/CM-New.eps}}$

Here you will see a screen similar to the certificate generation screen when creating a virtual host. All the fields are required. Upon completion of this form you a self-signed certificate and key pair will be created for the site. A description of each field is given below:

Authority Name: The authority name is the name the server the certificate will be used on. For example www.guardiandigital.com or as in the example above, lockbox.guardiandigital.com.
E-Mail Address: The e-mail address for the contact in control of this certificate should be entered here. An example would be ca@guardiandigital.
com or as in the example above, admin@lockbox.guardiandigita
l.com.
Department: Here you can enter in the name of the department this certificate will be used in. An example would be E-Commerce.
Organization: This is the name of the organization who owns the certificate. In the example above Guardian Digital, Inc. is used.
City: This field requires you enter the name of the city in which the organization resides. You must enter in the full name of the city. In the example above Upper Saddle River used.
State or Providence: Here you will need to enter in the state in which your organization resides. You must enter the full name of the state, not an abbreviation. In the example above New Jersey used.
Country: Enter in the country in which the organization resides in this field. This requires an abbreviated name for the country, not the full name as in the previous two fields. In the example above US was used.

When all the fields are completed click the Generate Key button to create the certificate and key. You must now go back to the previous screen and click the Restart Web Server button for the changes to be activated.

Generate Certificate Signing Request

A Certificate Signing Request (CSR) is what is sent to a Certificate Authority (CA), such as Verisign or Thawte to request a signed certificate for your site. This section will allow you to create one to be submitted. The form looks similar to the Generate Certificate and Key form above. You can refer to the previous section above, Generate Certificate and Key for a description of each of the fields.

There is however, one new field, Create New Certificate/Key Pair. If this option is selected it will create a new certificate and key with the information you filled in. It will then allow you to download the certificate to be signed. If you wish request a new certificate because your old one has expired then d not select the Create New Certificate/Key Pair.

[NOTE:]This new certificate will not be used on the site until you upload it. It is meant to be signed by a Certificate Authority.

$\resizebox*{4.4in}{!}{\includegraphics{images/GenCSR.eps}}$

Once you have all the fields filled in you can click the Generate Certificate button and you will be presented with your certificate.

Enter Certificate and Key

$\resizebox*{4.4in}{!}{\includegraphics{images/CM-Upload.eps}}$

If you already have a certificate and a key or have sent a CSR to a CA and have received the signed certificate back, then you would want to upload it here from your local machine. This section will present you with your current SSL Certificate and give you the ability to upload a new certificate and key.

If you have a certificate and key in place then it shows you four things:

[Fingerprint:]This is the unique ID of the certificate
[Valid:]This is the data range for which the certificate is valid.
[Subject:]This is who the certificate is fore
[Issuer:]This is who has signed the certificate.

Clicking the Browse... button will allow you to browse through the files on your local machine and select the certificate and key. You can then click the Save button to save the certificate and key to the server.

Next: WebMail Configuration Up: Virtual Host Management Previous: Directory Indexing Contents Index

docs@guardiandigital.com 2002-12-16