Creating a self-signed certificate, Installing a certificate – HP Secure Key Manager User Manual

9.

Paste the certificate request into the Certificate Request field. Select Client as the Certificate Purpose,

specify a Certificate Duration and click Sign Request. The newly-activated certificate displays on a

new page.

10.

Copy the certificate text.

11.

Navigate back to the Certificate List section.

12.

Select the certificate request and click Properties to access the Certificate Request Information section.

13.

Click Install Certificate.

14.

Paste the text of the signed certificate into the Certificate Response field.

15.

Click Save. When you return to the main Certificate Configuration page, the certificate request is

now an active certificate. If the certificate is for a client application, please see the appropriate

developer guide for instructions on installing the client certificate.

Creating a self-signed certificate

The SKM allows you to test self-signed certificates. This allows you to avoid getting a certificate request

signed by a local CA, or a CA on another SKM. Self-signed certificates can be presented to client

applications just like any other certificate.

IMPORTANT:

A self-signed certificate should be used for testing purposes only. Any attempt to connect with an SKM

using a test self-signed certificate sends a warning to the client browser.

To create a self-signed certificate:

1.

Log in to the Management Console as an administrator with Certificates access control.

2.

Navigate to the Create Certificate Request section of the Certificate and CA Configuration page

(Security > Certificates).

3.

Enter the Certificate Name, Common Name, Organization Name, Organizational Unit Name,

Locality Name, State or Province Name, Country Name, Email Address, and Key Size for the

certificate.

4.

Click Create Certificate Request. The certificate request will appear in the Certificate List section on

the top of the page.

5.

Select the certificate request and click Properties to access the Certificate Request Information section.

6.

Click Create Self Sign Certificate.

7.

Enter the duration for which the certificate will be valid in the Certificate Duration field.

8.

Click Create. The SKM performs the following steps:
a. The certificate request is copied into a new certificate request called <certificate_name>–selfsign.
b. The SKM transforms <certificate_name> –selfsign into an active certificate by generating a

self-signed certificate.

c. The self–signed certificate is presented as an Active Certificate in the Certificate List.

NOTE:

The SKM keeps time based on the universal standard of GMT/UTC and provides for clock error up to

one full day difference from the date of the certificate start.

Installing a certificate

Prior to installing a certificate, you must have a copy of the certificate response from the CA.

Secure Key Manager

51