Print

Add Server Certificate field descriptions

Add Server Certificate

Name Description
Certificate Alias The type of certificate alias.

The options are:

  • aeservices: refers to the AE Services: CVLAN, DLG, DMCC and TSAPI.

  • cmtls: refers to CM transport layer security.

  • web: refers to Apache and Tomcat.

  • ldap: refers to LDAP.

  • server : refers to all aeservices, web, and ldap.

  • rsyslog: refers to TLS connection for remote logging.

Enrollment Method The method of enrollment of the certificate.

The options are:

  • DES

  • 3DES

Certificate Key Parameters:

Name Description
Encryption Algorithm The data encryption standard (DES) used to encrypt the private key.

The options are:

  • The 3DES is the default setting.

  • The DES is less secure than 3DES and uses a 56 bit key size.

The default is 3DES.

Password Certificate key or private key password which is used to lock the certificate key.
Re-enter Password The certificate key password reentered.
Key Size The key length of the certificate key.
  • 1024 specifies a key length of 1024 bits.

  • 1536 specifies a key length of 1536 bits.

  • 2048 specifies a key length of 2048 bits.

  • 4096 specifies a key length of 4096 bits.

The default setting is 2048.

Signature Algorithm The appropriate signature algorithm.

The default is sha256.

Certificate Request Parameters:

Name Description
Certificate validity The number of days that indicate the lifetime of the certificate.

The default is 1825 days or 5 years.

Distinguished Name The LDAP entries required by your CA. These entries must be in LDAP format and they must match the values required by your CA. If you are not sure what the required entries are, contact your CA.

Among the required entries will be the FQDN of the AE Services Server in DNS format. Additionally you might need to provide your company name, your organization name and so on. Separate each LDAP attribute with a comma, and do not use blank spaces, for example:

cn=myaeserver.example.com,ou=myOrganizationalUnit, o=examplecorp,L=Springfield,ST=Illinois,C=US

noteNote

If an LDAP name contains an attribute that has a comma within it, you must precede the comma with a backslash (\) when you enter the LDAP name in OAM.

Challenge Password Certificate key or private key password which is used to lock the certificate request.
Re-enter Challenge Password The certificate key password reentered for validation.
Key Usage Key description contained in the certificate.

Select one of the following:

  • Digital Signature.

  • Non-repudiation

  • Key encipherment

  • Data encipherment

  • Key agreement

  • Key certificate sign

  • Key encipherment

  • CRL sign

  • Encipher only

  • Decipher only

noteNote

To deselect a Key Usage selection, use Ctrl-Click.

Extended Key Usage
noteNote

To deselect a Extended Key Usage selection, use Ctrl-Click.

Purpose of the certificate. Select one of the following:
  • SSL/TLS Web Server Authentication

  • SSL/TLS Web Client Authentication

  • Code Signing

  • E-mail Protection (S/MIME)

SCEP Parameters:

Name Description
SCEP Server URL The URL of the CA’s SCEP or Simple Certificate Enrollment Protocol Server.
CA Certificate Alias The unique and descriptive name for the CA certificate.

This can be a name that you assign or a name that the CA assigns. If the CA has assigned the name, use that name.

CA Identifier The identification of the CA.
Button Description
Apply To apply the changes.

A server certificate request (CSR) is generated in pending state.

cautionCAUTION

AE Services permits only one server certificate at a time. If you install more than one server certificate and restart AE Services, the TR/87 service will fail to initialize.

Cancel To cancel the changes.