Certificate Creation

The Certificate Management screen provides the facility for creating new self-signed certificates. Self-signed certificates (often referred to as root certificates) do not use public or private CAs. A self-signed certificate is a certificate signed by its own creator, with the certificate creator responsible for its legitimacy.

To create a self-signed certificate:

  1. Click the Launch Manager button from the SSH RSA Key section.

    The Certificate Management screen displays, with the Manage Certificates tab selected by default. This screen displays all existing trustpoints.

  2. Select the Create Certificate tab.

    The Create Certificate screen displays.

    Click to expand in new window
    Create Certificate Window
  3. Set the following Create New Self-Signed Certificate configuration parameters:

    Certificate Name

    Enter the 32 character maximum name assigned to identify the name of the trustpoint associated with the certificate. A trustpoint represents a CA/ identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate.

    Use Existing

    Select this option to use an existing RSA key. Use the drop-down menu to select the existing key used by both the device and the server (or repository) of the target RSA key.

    Create New

    Select this option to create a new RSA key. Provide a 32 character name to identify the RSA key. Use the spinner control to set the size of the key (from 2,048 or 4,096 bits). It is recommended leaving this value at the default setting (2048) to ensure optimum functionality. For more information on creating a new RSA key, see RSA Key Management.

  4. Set the following Certificate Subject Name parameters required for the creation of the certificate:

    Certificate Subject Name

    Select either the auto-generate radio button to automatically create the certificate's subject credentials or select user-configured to manually enter the credentials of the self signed certificate.


    The default setting is autogenerate.

    Country (C)

    Define the Country of deployment for the certificate. The field can be modified by the user. This is a required field and must not exceed 2 characters.

    State (ST)

    Enter a State for the state or province name used in the certificate. This is a required field.

    City (L)

    Enter a City to represent the city name used in the certificate. This is a required field.

    Organization (O)

    Define an Organization for the organization used in the certificate. This is a required field.

    Organizational Unit (OU)

    Enter an Organizational Unit for the name of the organization unit used in the certificate. This is a required field.

    Common Name (CN)

    If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here.

  5. Set the following Additional Credentials required for the generation of the self-signed certificate:

    Email Address

    Provide an E-mail address used as the contact address for issues relating to this certificate request.

    Domain Name

    Enter a FQDN (fully qualified domain name) as an unambiguous domain name that specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added. For example, somehost.example.com. An FQDN differs from a regular domain name by its absoluteness, since s a suffix is not added.

    IP Address

    Specify the IP address used as the destination for certificate requests.

  6. Select the Generate Certificate button at the bottom of the screen to generate the certificate.