Create a root certificate & server certificates, Summary, User’s guide – APC Battery Management System User Manual

®

USER’S GUIDE

Battery Management System

131

Create a Root Certificate & Server Certificates

Summary

Use this procedure if your company or agency does not have its own
Certificate Authority and you do not want to use a commercial
Certificate Authority to sign your server certificates.

• Create a CA root certificate that will be used to sign all server

certificates to be used with Battery Management Systems. During this
task, two files are created.

– The file with the

.p15

extension is an encrypted file which contains

the Certificate Authority’s private key and public root certificate. This
file signs the server certificates.

– The file with the

.crt

extension, which contains only the Certificate

Authority’s public root certificate. You load this file into each Web
browser that will be used to access the Battery Management
System so that the browser can validate the server certificate of the
Management Card.

• Create a server certificate, which is stored in a file with a .

p15

extension. During this task, you are prompted for the CA root certificate
that signs the server certificate.

• Load the server certificate onto the Battery Management System.
• For each Battery Management System that requires a server

certificate, repeat the tasks that create and load the server certificate.

The public RSA key that is part of a certificate generated by
the APC Security Wizard is 1024 bits. (The default key
generated by the Management Card, if you do not use the
Wizard, is 768 bits.)