Creating Certificates
Once a key pair is generated then the public key can be certified. The main table within Service Keys shows whether or not a particular public key is already certified or not. To generate a new certificate select a key pair and press the Certificates button. The following screen will then be shown:
In this screen the main details of the key pair are repeated at the head of the page, e.g. Key Alias, Key Algorithm details etc. If an existing certificate got renewed then it's old certificate will be marked revoked and a new certificate will be generated, in order to check the latest and revoked certificates for a particular key, just expand the certificate by clicking on '+' button then all the old revoked certificates will be shown as child.
Note the same public key can be certified multiple times. The following methods are available for the certification of the public key:
- Enable/Disable Auto Renew of the certificates to get them renewed before the time of their expiry
- Renew Certificate manually
- Generate a CSR/certificate request message which can be certified by:
- The Local CA module of ADSS Server - see Manage CAs for details of how to set up a Local CA
- Generate a self-signed certificate
- An external offline or online CA
Each of the above case is discussed one-by-one in the sections that follows.
The buttons "Enable/Disable Auto Renew" and "Renew Certificate", these options are not available for Self-Signed certificates and the certificates issued by an Offline CA.
See also