The proxy server has public key infrastructure mechanisms for generating, importing, using, and maintaining public key certificates. These include:
An appliance-specific certificate authority (CA) that automatically generates certificates for each assigned IP address and other appliance resources.
The appliance uses these auto-generated certificates for certain appliance-specific secure communications, such as obtaining filtering lists.
These can also be used for secure connections with browsers using appliance caching services. However, browsers won't recognize the appliance CA unless they are specifically configured to do so. This causes confirmation messages to be generated that can confuse users and cause them to not use the appliance's caching services.
Mechanisms for generating a certificate signing request (CSR) and storing issued certificates on the appliance.
Generating a CSR is the first step to obtaining a certificate from an external CA.
After you obtain certificates from one or more external CAs, you can use the appliance certificate maintenance features to monitor certificate status, back up certificates in case the appliance fails, and replace certificates when they expire.
This section discusses how to create and modify certificates using Novell® iChain®. The following topics are included: