17.2 Managing Server Certificates

17.2.1 Creating Server Certificate Objects

To create a server certificate object, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Click the icon.

  3. On the Create Server Certificate page, specify a Nickname and a server, and select one of the following options:

    • Standard (Default Parameters): Allows you to create a default server certificate object of type RSA or ECDSA.

    • Custom (User Specified Parameters): Allows you to specify the custom parameters for the server certificate object.

    • Import (Allows to Import a PKCS12 File): Allows you to import a PKCS12 file in .pfx or .p12 format.

  4. After specifying the parameters, click Next to review the summary of the certificate.

  5. In the Summary screen, click OK to create a server certificate object.

17.2.2 Exporting Server Certificate Objects

To export server certificate objects, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Select the appropriate server from the drop-down list.

  3. Select the appropriate server certificate from the list and click the icon.

  4. In the next screen, select the Export Private key check box and specify a password to protect the private key. Confirm the password and select the export format.

    NOTE: Server certificates can be exported in PKCS12 format only.

  5. Click OK to export the server certificate object.

17.2.3 Validating Server Certificate Objects

To validate a server certificate object, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Select the appropriate server from the drop-down list.

  3. Select the appropriate server certificate from the list and click the icon.

  4. A confirmation appears indicating a successful validation of the server certificate object.

17.2.4 Replacing a Server Certificate Object

If the server certificates become corrupt or invalid for some reason, or if you just want to replace the existing default certificates, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Select the appropriate server from the drop-down list.

  3. Select the appropriate server certificate from the list and click the icon.

  4. Read and understand the risk involved with replacing server certificates and click OK.

  5. In the next screen, browse and select the new server certificate in .pfx or .p12 format and specify a password.

  6. Click OK to replace the server certificate.
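
Before uploading the .pfx or .p12 file in step 5, the file can be checked offline. The following is an added example, not part of Identity Console or its documentation: it uses the OpenSSL command-line tool, and the function name check_p12, the P12_PASS variable, the return codes and the 30-day default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of a PKCS#12 file with the OpenSSL CLI.
# check_p12 and P12_PASS are hypothetical names, not part of Identity Console.
# Usage: P12_PASS='...' check_p12 FILE [MIN_DAYS_LEFT]
# Returns 0 = usable, 1 = cannot open (bad file, bad password, no certificate),
#         2 = no private key, 3 = expires too soon, 4 = key/cert mismatch.
check_p12() {
    p12=$1
    min_days=${2:-30}
    export P12_PASS   # read via env: so the password stays off the command line

    # Leaf certificate; fails if the file is not PKCS#12 or the password is wrong.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || return 1
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' || return 1

    # Private key, held only in a shell variable and never written to disk.
    key=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null) || return 1
    printf '%s\n' "$key" | grep -q 'PRIVATE KEY' || return 2

    # The certificate must still be valid min_days from now.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || return 3

    # The public key derived from the private key must equal the one in the certificate.
    pub_from_key=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
    pub_from_cert=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$pub_from_key" ] && [ "$pub_from_key" = "$pub_from_cert" ] || return 4

    # Print subject and expiry so the operator can confirm them before uploading.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}
```

Files encrypted with older PKCS#12 algorithms may need the `-legacy` option on OpenSSL 3.x before they can be read.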

17.2.5 Revoking Server Certificate Objects

To revoke a server certificate object, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Select the appropriate server from the drop-down list.

  3. Select the appropriate server certificate from the list and click the icon.

  4. Read and understand the risk involved with revoking server certificates and click OK.

  5. In the next screen, select a valid reason for revocation from the drop-down list, select the invalidity date and specify any other comment.

  6. Click OK to finish the revocation.

17.2.6 Deleting Server Certificate Objects

To remove server certificate objects, perform the following steps:

  1. Click Certificate Management > Server Certificate Management options from the Identity Console landing page.

  2. Select the appropriate server from the drop-down list.

  3. Select the appropriate server certificate from the list and click the icon.

  4. In the next screen, click OK.

  5. A confirmation appears indicating a successful deletion of the server certificate object.

Figure 17-2 Managing Server Certificates