
CA Certificate List – HP Secure Key Manager User Manual


Table 69 Create Local Certificate Authority section components

| Component | Description |
|---|---|
| Certificate Authority Name | Internal name of newly generated certificate authority. This name will be used when referring to this CA in other parts of the administrative interface. |
| Common Name | Common name of new CA. |
| Organization Name | Name of the organization that owns this certificate authority. |
| Organizational Unit Name | Name of unit within the organization generating the certificate authority. |
| Locality Name | Name of city where CA is created. |
| State or Province Name | Name of state where CA is created. |
| Country Name | Two-letter name of country where request is issued. |
| Email Address | E-mail address of person creating the CA. |
| Key Size | Size of key being generated. The SKM supports bit sizes 1024 and 2048. |
| Certificate Authority Type | Local CAs can be one of two types: Self-signed root CA, or Intermediate CA Request. When you create a self-signed root CA, you must also specify a CA Certificate Duration and a Maximum User Certificate Duration, which become valid once you click Create. Once you create a self-signed root CA, you must add it to the trusted CA list for it to be recognized by the KMS Server. When you create an intermediate CA request, you must sign it with either an existing intermediate CA or your organization’s root CA. Certificates signed by the intermediate CA can be verified by that same intermediate CA, by the root itself, or by any intermediate CAs that link the signing CA with the root. This enables you to de-centralize certificate signing and verification. When creating an intermediate CA request, you must also specify a Maximum User Certificate Duration when installing the certificate response. This duration cannot be longer than the signing CA’s duration. |
| CA Certificate Duration | Period of time for which the local CA is valid. Specify a value in days. This value must be more than the Maximum User Certificate Duration. |
| Maximum User Certificate Duration | Period of time for which certificates signed by the local CA are valid. Specify a value in days. This value must be less than the CA Certificate Duration. |
| Create | Click Create to create the CA. Once created, the new CA appears as CA certificate active. A newly generated CA remains active for five years. |
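The Certificate Authority Type description above says an intermediate CA request must be signed by an existing CA, and that certificates it issues can be verified through the chain back to the root. The following is an added example, not taken from the SKM manual: it assumes the organization's root CA is operated with the OpenSSL command line, and every subject name, file name and duration in it is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the SKM manual. Subject names, file names and day
# counts are constructed for illustration; requires the openssl CLI.
set -eu
ROOT_DAYS=3650; INT_DAYS=1825; USER_DAYS=365   # each shorter than its signer's

# new_csr DIR NAME CN: generate a 2048-bit RSA key and a certificate request
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/C=US/O=Example Org/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# build_chain DIR: self-signed root CA -> intermediate CA -> user certificate
build_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$d/user.ext"
  new_csr "$d" root "Example Root CA"
  new_csr "$d" int  "Example Intermediate CA"
  new_csr "$d" user "Example User"
  # Self-signed root CA
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -sha256 \
    -days "$ROOT_DAYS" -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  # Intermediate CA request signed by the organization's root CA
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -sha256 -days "$INT_DAYS" -extfile "$d/ca.ext" \
    -out "$d/int.crt" 2>/dev/null
  # User certificate signed by the intermediate CA
  openssl x509 -req -in "$d/user.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -sha256 -days "$USER_DAYS" -extfile "$d/user.ext" \
    -out "$d/user.crt" 2>/dev/null
}

# chain_status DIR MODE: print OK or FAIL for one way of verifying user.crt
chain_status() {
  case $2 in
    root+int)  set -- -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/user.crt" ;;
    root-only) set -- -CAfile "$1/root.crt" "$1/user.crt" ;;
    int-only)  set -- -partial_chain -CAfile "$1/int.crt" "$1/user.crt" ;;
  esac
  if openssl verify "$@" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

DEMO_DIR=$(mktemp -d)
build_chain "$DEMO_DIR"
for mode in root+int root-only int-only; do
  echo "$mode: $(chain_status "$DEMO_DIR" "$mode")"
done
```

Verification succeeds when the intermediate is supplied alongside the root, or when the intermediate itself is the trust anchor; with the root alone it fails because nothing links the user certificate to the root.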

CA Certificate List

This portion of the Known CAs tab presents the list of CAs that are recognized by the SKM. These include well-known CAs, such as VeriSign, Thawte, and others. You can add and remove common CAs as necessary.

The CA Certificate List section is shown here.
