Create a Certificate

About this task

Use the Certificate Management screen to create new self-signed certificates. Self-signed certificates (often referred to as root certificates) do not use public or private CAs. A self-signed certificate is a certificate signed by its own creator, with the certificate creator responsible for its legitimacy.

To create a self-signed certificate that can be applied to a managed device:

Procedure

  1. Select the Create Certificate tab.
    Certificate Management - Create Certificate Screen
  2. Define the following parameters in the Create New Self-Signed Certificate area:
    Certificate Name: Enter a name (32 characters maximum) that identifies the trustpoint associated with the certificate. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate.
    RSA Key: Select Use Existing and use the drop-down menu to set the key used by both the controller or service platform and the server (or repository) of the target RSA key.

    Optionally, select Create New to enter a 32-character maximum name used to identify the RSA key. Set the size of the key to either 1,024 or 2,048 bits. We recommend leaving this value at the default setting of 2,048 to ensure optimum functionality.

  3. Set the following Certificate Subject Name parameters required for the creation of the certificate:
    Certificate Subject Name: Select either auto-generate to automatically create the certificate's subject credentials or user-configured to manually enter the credentials of the self-signed certificate. The default setting is auto-generate.
    Country (C): Define the country used in the certificate. The field can be modified by the user to other values. This is a required field and must not exceed 2 characters.
    State (ST): Enter the state or province name used in the certificate. This is a required field.
    City (L): Enter the city used in the certificate. This is a required field.
    Organization (O): Define the organization represented in the certificate. This is a required field.
    Organizational Unit (OU): Enter the organizational unit represented in the certificate. This is a required field.
    Common Name (CN): If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here.
  4. Select the following Additional Credentials required for the generation of the self-signed certificate:
    Email Address: Provide an email address used as the contact address for issues relating to this certificate request.
    Domain Name: Enter a fully qualified domain name (FQDN): an unambiguous domain name that absolutely specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added, for example, somehost.example.com. An FQDN differs from a regular domain name by its absoluteness, as a suffix is not added.
    IP Address: Specify the IP address used as the destination for certificate requests. Only IPv4 formatted IP addresses are permitted. IPv6 formatted addresses are not permitted.
  5. Click Generate Certificate to generate the certificate.
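
The following shell script is an added example, not taken from the product or its documentation. It builds a self-signed certificate with the same fields using OpenSSL and checks the properties the procedure sets: issuer equal to subject, RSA key size, and the additional credentials. The subject values, addresses and file names are constructed samples, and mapping Email Address, Domain Name and IP Address to subjectAltName entries is an assumption, since the page does not say how the device encodes them.

```shell
#!/bin/sh
# Added example. Subject values, addresses and file names are constructed samples.
# Assumption: Email Address, Domain Name and IP Address map to subjectAltName entries.

make_selfsigned() {   # $1 = output directory, $2 = RSA key size in bits
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = ext
prompt             = no
[dn]
C  = US
ST = California
L  = San Jose
O  = Example Corp
OU = IT
CN = 192.0.2.10
[ext]
subjectAltName = email:admin@example.com, DNS:somehost.example.com, IP:192.0.2.10
EOF
    # -x509 makes req emit a certificate signed with the new key itself, not a CSR.
    # The 365-day lifetime is an arbitrary choice for this example.
    openssl req -x509 -newkey "rsa:$2" -nodes -sha256 -days 365 \
        -config "$1/req.cnf" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

is_self_signed() {    # $1 = certificate; true if issuer == subject and it verifies against itself
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

key_bits() {          # $1 = certificate; prints the public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

san_names() {         # $1 = certificate; prints the subjectAltName entries
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

dir=$(mktemp -d)
make_selfsigned "$dir" 2048 && is_self_signed "$dir/cert.pem" &&
    echo "self-signed, $(key_bits "$dir/cert.pem")-bit RSA, SAN: $(san_names "$dir/cert.pem")"
```

The same three checks can be run against a certificate exported from the device to confirm the key size and names it actually carries.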