Used to generate, request, display, remove, import and export certificates
stored in the Keystore.
List Form
Actions
GENERATE
|
Used to generate a new self-signed Certificate.
|
REQUEST
|
Used to create a Certificate Signing Request (CSR) from the selected
Certificate.
If a Certificate has not been selected an error will be displayed.
|
DISPLAY
|
Used to display the selected Certificate.
If a Certificate has not been selected an error will be displayed.
|
REMOVE
|
Used to remove the selected Certificate.
If a Certificate has not been selected an error will be displayed.
|
IMPORT
|
Used to import a Certificate into the Keystore.
|
EXPORT
|
Used to export an existing Certificate.
If a Certificate has not been selected an error will be displayed.
|
SAVE
|
Used to save changes made and to return to the Control Panel form.
|
CANCEL
|
Used to discard changes made and to return to the Control Panel form.
|
HELP
|
Used to display online help for this form.
|
Entry Form
Fields
Alias
|
The case-insensitive name used to identify the Certificate in the Keystore.
|
Key Algorithm
|
The key-pair generation algorithm, [DSA|RSA].
RSA is the default.
While the DSA and RSA key-pair generation algorithms are both
supported, most Web browsers only support RSA.
The Key Signature Algorithm is derived from the Key Algorithm. MD5
is used for RSA and SHA1 for DSA.
|
Key Size
|
The number of bits of the keys.
1024 is the default.
The Key Size for DSA key-pairs must be greater than 512 and
less than 1024 and must be a multiple of 64.
The larger the key size the harder it is to crack and the greater the
negative impact on performance.
|
Validity
|
The number of days that the key will be valid.
|
Common Name
|
The name of the site or individual requesting the Certificate.
|
Organization
|
The name of the organization requesting the Certificate.
NONE is none.
|
Organization Unit
|
The name of the department requesting the Certificate.
NONE is none.
|
City/Locality
|
The name of the city or locality where the entity requesting the Certificate
is located.
|
State/Province
|
The name of the State or Province where the entity requesting the Certificate is located.
|
Country
|
A country from the list of countries of the entity requesting the
Certificate.
|
Actions
OK
|
Used to accept data entered, to generate the Certificate and to return to the
Certificates form.
|
CANCEL
|
Used to discard data entered and to return to the Certificates form.
|
HELP
|
Used to display online help for this form.
|
Import Form
Fields
Alias
|
The case-insensitive name used to identify the Certificate in the Keystore.
|
File Name
|
The file on the local file system containing the X.509 reply certificate or
reply certificate chain that will be imported.
Reply certificates must be in a binary format or in a Base64 encoded format
embedded in
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----.
Reply certificate chains must be in a PKCS#7 binary format or a PKCS#7 Base64
encoded format embedded in
-----BEGIN PKCS #7 SIGNED DATA-----
and
-----END PKCS #7 SIGNED DATA-----.
|
Check cacerts
|
Whether to check the CA certificates keystore,
java_dir/lib/security/cacerts.
|
Ignore Warnings
|
Whether to ignore warnings and import the certificate.
Normally warnings such as
"certificate already exists under a different alias"
and
"certificate is not trusted"
prevent a certificate from being imported. If Ignore Warnings is
checked these warnings will be ignored and the specified certificate will
be imported.
|
Actions
Browse...
|
Used to select the local file.
|
OK
|
Used to accept data entered, to import the Certificate and to return to the
Certificates form.
|
CANCEL
|
Used to discard data entered and to return to the Certificates form.
|
HELP
|
Used to display online help for this form.
|
Notes
Changes made will not be used until the server is restarted.
Requires that iws_dir/classes/optional.jar be
present in the CLASSPATH.
The Certificate Administrator only accepts tele-type printable characters
[ A-Z, a-z, 0-9, `~!@#$%^&*()-_=+\|[{]};:'", <.>/? ].
Some of the accepted characters, such as comma and slash, must be prefixed by
\. Finally, not all Certificate Authorities allow the complete list of
tele-type printable characters in request certificates.
The following steps outline the Certificate Process:
- Generate a new Self-Signed Certificate by clicking on the GENERATE
button, entering the required information and submitting the form.
- Optionally, use the following steps to install a Certification Authority
(CA) certificate.
- Import any necessary root CA certificate into cacerts by opening an
MS-DOS Prompt or Linux/Solaris/Unix shell prompt and entering:
keytool -import -alias alias -keystore keystore -file filename -storepass password
alias
|
the alias name of the root CA certificate.
|
filename
|
the directory path and name of the file containing the root CA certificate.
|
java_dir
|
the directory where Java was installed
|
keystore
|
java_dir/jre/lib/security/cacerts for Windows 9x/Me/NT/2000/2003/XP
and Linux/Solaris/Unix and java_dir/lib/security/cacerts for
Novell Netware
|
password
|
the keystore password,
normally changeit
|
- Generate a Certificate Signing Request (CSR) for the Self-Signed
Certificate by clicking the REQUEST button on Servertec Internet
Server Administrator - Certificates.
- Submit the CSR to a CA.
Entrust,
Thawte,
and VeriSign
are popular Certification Authorities.
- Import the Response Certificate, overwriting the original Certificate,
by clicking the IMPORT button on Servertec Internet Server
Administrator - Certificates, entering the same Alias as the Self-Signed
Certificate, entering the File Name of the file containing
the Response Certificate, selecting Check cacerts and
Ignore Warnings and clicking the OK button.
Use the following steps to install a client CA certificate for the
server's certificate on each computer that stop_iws,
restart_iws, iwsSSLCommand and iws will be used on.
- Export the certificate by clicking the EXPORT button in the
Administrator - Certificates.
- Open an MS-DOS Prompt or Linux/Solaris/Unix shell prompt and enter:
keytool -import -alias alias -keystore java_dir/jre/lib/security/cacerts -file cert_dir/alias.cer -storepass password
alias
|
the alias name of the certificate,
normally mykey
|
cert_dir
|
the directory where the certificate was exported to
|
java_dir
|
the directory where Java was installed
|
password
|
the keystore password,
normally changeit
|
Servertec Internet Server Certificate Administrator will only import
Response Certificates that contain a complete Certificate Chain or Response
Certificates whose Certificate Chain can be established using an existing
Root CA Certificate.
Certificate Administrator requires Java 1.3.0 or later.
Generation and importation of Certificates are CPU intensive operations and
may take a couple of minutes to complete.
Servertec Internet Server's Certificates can also be maintained using
JavaSoft's keytool included with Java 2.
Unlike other Administrator forms, GENERATE, REMOVE and
IMPORT immediately change the Keystore without having to SAVE.
|
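Because the Key Algorithm and Key Size fields above default to MD5 with RSA and 1024 bits, and the Keystore can also be inspected with keytool, the following added example (not part of the Servertec documentation) scans keytool -list -v output for entries signed with MD2, MD5 or SHA1 or holding RSA/DSA keys under 2048 bits. The function names, the 2048-bit threshold and the sample listing are assumptions of this example; it also assumes a current JDK keytool, whose verbose listing includes the two lines parsed here.

```shell
#!/bin/sh
# Added example, not Servertec code. Policy values below are assumptions.
MIN_BITS=2048   # assumed minimum size for RSA/DSA keys

# Reads `keytool -list -v` text on stdin and prints "<alias>: <finding>"
# for each weak signature algorithm or undersized RSA/DSA key.
audit_keystore_listing() {
    awk -v min="$MIN_BITS" '
        { sub(/\r$/, "") }                      # tolerate CRLF output
        /^Alias name:/ { sub(/^Alias name: */, ""); alias = $0; next }
        /^Signature algorithm name:/ {
            sub(/^Signature algorithm name: */, "")
            if (toupper($0) ~ /^(MD2|MD5|SHA1)WITH/)
                print alias ": weak signature algorithm " $0
            next
        }
        /^Subject Public Key Algorithm:/ {
            sub(/^Subject Public Key Algorithm: */, "")
            bits = $0; sub(/-bit.*/, "", bits)
            # Bit-length floor applies to RSA/DSA only; EC sizes differ.
            if ($0 ~ /(RSA|DSA) key/ && bits + 0 < min + 0)
                print alias ": " $0 " is below " min " bits"
        }
    '
}

# Constructed sample of verbose keytool output, abridged to relevant lines.
sample_listing() {
    cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Owner: CN=www.example.test, O=NONE, C=US
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: newkey
Entry type: PrivateKeyEntry
Owner: CN=www.example.test, O=NONE, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Real use (values in angle brackets are placeholders):
#   keytool -list -v -keystore <keystore> -storepass <password> | audit_keystore_listing
sample_listing | audit_keystore_listing
```

An entry that is flagged can be replaced by generating a new key pair and repeating the REQUEST and IMPORT steps described above.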