Ca certificate list, Viewing the ca certificate list section, Ca certificate list section components – HP Secure Key Manager User Manual

Page 166

Advertising
background image

Description

Component

Local CAs can be one of two types: Self-signed root CA, or Intermediate CA Request.
When you create a self-signed root CA, you must also specify a CA Certificate Duration
and a Maximum User Certificate Duration, which become valid once you click Create.
Once you create a self-signed root CA, you must add it to the trusted CA list for it to
be recognized by the KMS Server. When you create an intermediate CA request,
you must sign it with either an existing intermediate CA or your organization's root
CA. Certificates signed by the intermediate CA can be verified by that same interme-
diate CA, by the root itself, or by any intermediate CAs that link the signing CA with
the root. This enables you to de-centralize certificate signing and verification. When
creating an intermediate CA request, you must also specify a Maximum User Certificate
Duration when installing the certificate response. This duration cannot be longer than
the signing CA's duration.

Certificate Authority
Type

Period of time for which the local CA is valid. Specify a value in days. This value must
be more than the Maximum User Certificate Duration.

CA Certificate Dura-
tion

Period of time for which certificates signed by the local CA are valid. Specify a value
in days. This value must be less than the CA Certificate Duration.

Maximum User Certi-
ficate Duration

Click Create to create the CA. Once created, the new CA appears as CA certificate
active. A newly generated CA remains active for five years.

Create

CA Certificate List

This portion of the Known CAs tab presents the list of CAs that are recognized by the SKM. These
include well–known CAs, such as VeriSign, Thawte, and others. You can add and remove common
CAs as necessary.

The CA Certificate List section is shown here.

Figure 91 Viewing the CA Certificate List section

The following table describes the components of the CA Certificate List section.

Table 71 CA Certificate List section components

Description

Component

Displays the certificate name. Click this link to view the CA certificate information.

Certificate Name

Displays the certificate issuer and expiration date.

Certificate Information

Using the Management Console

166

Advertising
Popular Brands
Popular manuals