You can add and activate certificates for the appliance in the Digital Certificates tab. You can create your own certificate and then have it signed by a CA, or you can use an existing certificate and key pair.
IMPORTANT:In this section, you can only manage certificates for the Advanced Authentication appliance (port 9443). To change the certificates for the Advanced Authentication application (port 443), goto the Server Options tab in the Administration portal.
The appliance is shipped with a self-signed digital certificate. Instead of using this self-signed certificate, it is recommended that you use a trusted server certificate that is signed by a trusted certificate authority (CA) such as VeriSign or Equifax.
To change the digital certificate for appliance, perform the following tasks:
Log in to the Configuration Console as the root user.
Click Digital Certificates.
In the Key Store list, select Web Application Certificates.
Click File > New Certificate (Key Pair) and specify the following information:
Alias: Specify a name that you want to use to identify and manage this certificate.
Validity (days): Specify for how long you want the certificate to remain valid.
Key Algorithm: Select either RSA or DSA.
Key Size: Select the preferred key size.
Signature Algorithm: Select the preferred signature algorithm.
Common Name (CN): This must match the server name in the URL in order for browsers to accept the certificate for SSL communication.
Organization (O): (Optional) Large organization name. For example, My Company.
Organizational Unit (OU): (Optional) Small organization name, such as a department or division. For example, Purchasing.
Two-letter Country Code (C): (Optional) Two-letter country code. For example, US.
State or Province (ST): (Optional) State or province name. For example, Utah.
City or Locality (L): (Optional) City name. For example, Provo.
Click OK to create the certificate.
After the certificate is created, it is self-signed.
Make the certificate official, as described in Creating a New Self-Signed Certificate.
On the Digital Certificates page, select the certificate that you just created, then click File > Certificate Requests > Generate CSR.
Complete the process of emailing your digital certificate to a certificate authority (CA), such as Verisign.
The CA takes your Certificate Signing Request (CSR) and generates an official certificate based on the information in the CSR. The CA then emails the new certificate and certificate chain back to you.
After you have received the official certificate and certificate chain from the CA:
Revisit the Digital Certificates page.
Click File > Import > Trusted Certificate.
Click Browse and select the trusted certificate chain that you received from the CA, then click OK.
Select the self-signed certificate, then click File > Certification Request > Import CA Reply.
Click Browse and select the official certificate to be used to update the certificate information.
On the Digital Certificates page, the name in the Issuer column for your certificate changes to the name of the CA that stamped your certificate.
Activate the certificate, as described in Activating the Certificate.
When you use an existing certificate and key pair, use a .P12 key pair format.
Log in to the Configuration Console as the root user.
Click Digital Certificates.
In the Key Store menu, select JVM Certificates.
Click File > Import > Trusted Certificate.
Click Browse and select your existing certificate, then click OK.
Click File > Import > Trusted Certificate.
Click Browse and select your existing certificate chain for the certificate that you selected in Step 4, then click OK.
Click File > Import > Key Pair.
Click Browse and select your .P12 key pair file, specify your password if required, then click OK.
Continue with Activating the Certificate.
On the Digital Certificates page, in the Key Store list, select Web Application Certificates.
Select the certificate that you want to make active and click Set as Active, then click Yes.
Select the certificate and click View Info to verify that the certificate and certificate chains are created appropriately.
Click Close, when you have activated the certificate successfully.