16.1 Viewing Certificate Details

The Certificate Details page lists the properties of a certificate, such as certificate type, name, subject, and assigned keystores. The fields are not editable.

  1. Click Security > Certificates.

  2. Select one of the following:

    • Click the name of a certificate that is not in a CSR Pending state. The Certificate Details page contains the following information about the certificate:

      Field

      Description

      Issuer

      The name of the CA that created the certificate.

      Serial number

      The serial number of the certificate.

      Subject

      The subject name of the certificate.

      Valid from

      The first date and time that the certificate is valid.

      Valid to

      The date and time that the certificate expires.

      Devices

      The devices that are configured to hold this certificate on their file system and the keystore that holds them.

      Key size

      The key size that was used to create the certificate.

      Signature algorithm

      The signature algorithm that was used to create the certificate.

      Finger print (MD5)

      The certificate's message digest that was calculated with the MD5 algorithm. It is embedded into the certificate at creation time. It can be used to uniquely identify a certificate. For example, users can verify that a certificate is the one they think it is by matching this published MD5 fingerprint with the MD5 fingerprint on the local certificate.

      Finger print (SHA256)

      The certificate's message digest that was calculated with the SHA-256 algorithm. It is embedded into the certificate at creation time. It can be used to uniquely identify a certificate. For example, users can verify that a certificate is the one they think it is by matching a published SHA-256 fingerprint with the SHA-256 fingerprint on the local certificate.

      Subject Alternate Names: Critical

      Indicates whether an application should reject the certificate if the application does not understand the alternate name extensions. Any configured alternate names are displayed in the list.

      Key Usage: Critical

      Indicates whether an application should reject the certificate if the application does not understand the key usage extensions.

      Sign CRLs

      Indicates whether the certificate is used to sign CRLs (Certificate Revocation Lists).

      Sign certificates

      Indicates whether the certificate is used to sign other certificates.

      Encrypt other keys

      Indicates whether the certificate is used to encrypt keys.

      Encrypt data directly

      Indicates whether the certificate can encrypt data for private transmission to the key pair owner. Only the intended receiver can read the data.

      Create digital signatures

      Indicates whether the certificate can create digital signatures.

      Non-repudiation

      Indicates whether the certificate links a digital signature to the signer and the data. This prevents others from duplicating the signature because no one else has the signer’s private key. Additionally, the signer cannot deny having signed the data.

      CRL Distribution Points

      A list of Certificate Revocation List (CRL) distribution points that are embedded into the certificate as an extension at certificate creation time. Implementations search the CRL from each distribution point (the distribution point is usually a URI that points to a store of revoked certificates) to see whether a certificate has been revoked.

      Authority Info Access (OCSP)

      A list of Online Certificate Status Protocol (OCSP) responders that are embedded into the certificate as an extension at certificate creation time. Implementations query the OCSP responder to see whether a certificate has been revoked.

    • Click the name of a certificate in a CSR Pending state. The following information is displayed:

      Subject

      The subject name of the certificate.

      Valid from

      The date and time that the request was generated.

      Valid to

      The date and time that the request expires.

      Devices

      No entries. A CSR cannot be assigned to a device.

      Key size

      The key size that was used to create the request.

      Signature algorithm

      The signature algorithm that was used to create the request.

      State

      Displays CSR Pending, indicating that the request has been generated.

      CSR data

      The certificate signing request data. You can either export this data or copy and paste it into the CA’s request tool.

  3. (Conditional) For a certificate not in a CSR Pending state, select one of the following actions:

    Renew: Allows you to renew the certificate. For more information, see Section 16.3, Renewing a Certificate.

    Export Private/Public Keypair: Allows you to export private certificates to obtain a backup copy of the key, to move the key to a different server, or to share the key between servers. For more information, see Section 16.4, Exporting a Private/Public Key Pair.

    Export Public Certificate: Allows you to export a public key certificate to a file. For more information, see Section 16.5, Exporting a Public Certificate.

    Add Certificate to Keystores: Allows you to assign the certificate to a keystore so it can be used by Access Manager. For more information, see Section 16.2, Adding a Certificate to a Keystore.

  4. (Conditional) For a certificate in a CSR Pending state, select one of the following actions:

    Import Signed Certificate: Allows you to import the certificate that was generated for this request. For more information, see Section 15.5, Importing a Signed Certificate.

    Export CSR: Allows you to export the CSR to a CSR file.

    NOTE: Whenever the configuration store contains a Key Material Object (KMO) with a CSR in a pending state, the KMO is not exported by the amdiagcfg script and is not backed up by the ambkup script.
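
The fingerprint comparison described for the Finger print (SHA256) field, as an added example that is not part of the product documentation or Access Manager's own code: it hashes the DER bytes of an exported public certificate and compares the result with a published value, refusing MD5-length values by default because MD5 is not collision resistant. The function names and the sample PEM (constructed stand-in bytes, not a real certificate) are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Hex digest length -> algorithm, to recognise what a published value is.
_ALGORITHM_BY_HEX_LEN = {32: "md5", 64: "sha256"}


def normalize_fingerprint(text):
    """Drop separators and case: 'AB:CD', 'ab cd' and 'abcd' become 'abcd'."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def certificate_fingerprint(pem_text, algorithm="sha256"):
    """Hash the DER bytes of a single-certificate PEM export."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.new(algorithm, der).hexdigest()


def matches_published(pem_text, published, allow_md5=False):
    """Return True only if the local certificate hashes to the published value."""
    wanted = normalize_fingerprint(published)
    algorithm = _ALGORITHM_BY_HEX_LEN.get(len(wanted))
    if algorithm is None:
        raise ValueError("not an MD5 or SHA-256 fingerprint length")
    if algorithm == "md5" and not allow_md5:
        # MD5 is not collision resistant; insist on the SHA-256 value.
        raise ValueError("MD5 fingerprint refused; compare the SHA-256 one")
    actual = certificate_fingerprint(pem_text, algorithm)
    return hmac.compare_digest(actual, wanted)


def display_form(hex_digest):
    """Format a hex digest as colon-separated upper-case byte pairs."""
    pairs = (hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))
    return ":".join(pairs).upper()


# Constructed stand-in: 64 arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(64)))

if __name__ == "__main__":
    published = display_form(certificate_fingerprint(SAMPLE_PEM))
    print(published)
    print(matches_published(SAMPLE_PEM, published))
```

To check a real certificate, pass the text of the file produced by Export Public Certificate as `pem_text` and the fingerprint obtained from a trusted channel as `published`.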