Print

Creating a server certificate request for AE Services

About this task

In the AE Services Management Console, use this procedure to create a server certificate request (also referred to as a certificate signing request, or CSR) for the AE Services server. This procedure generates a certificate signing request which includes a private key.

Procedure

  1. From the browser on your AE Services administrative workstation, log in to the AE Services Management Console.
  2. Select Security > Certificate Management > Server Certificates.
  3. On the Server Certificate pages, click Add.
  4. To complete the Add Server Certificate page, see the Add Server Certificate field description.
    1. From the Certificate Alias list box, select the certificates alias:
      • aeservices refers to the AE Services: CVLAN, DLG, DMCC, and TSAPI.

      • web refers to Apache and Tomcat.

      • ldap refers to LDAP.

      • server refers to all (aeservice, web, and ldap).

    2. Leave the Create Self-Signed Certificate check box unchecked (the default).
    3. Leave the Enrollment Method set to Manual (the default).
    4. In the Encryption Algorithm field, select 3DES.
    5. In the Password field, type the password of your choice.
    6. In the Key Size field, accept the default 1024.
    7. In the Certificate Validity field, accept the default, 1825.
    8. In the Distinguished Name field, type the LDAP entries required by your CA. These entries must be in LDAP format and they must match the values required by your CA. If you are not sure what the required entries are, contact your CA.

      Among the required entries will be the FQDN of the AE Services Server in LDAP format. Additionally you might need to provide your company name, your organization name and so on. Separate each LDAP entry with a comma, and do not use blank spaces, for example:

      cn=myaeserver.example.com,ou=myOrganizationalUnit,o=Examplecorp,L=Springfield,ST=Illinois,C=US

      noteNote

      Currently the Add Server Certificate page in the AE Services Management Console does not support using commas within a DN attribute (for example: o=Examplecorp, Inc).

    9. In the Challenge password and Re-enter Challenge Password fields, type the challenge password of your choice.
    10. In the Key Usage field, accept the default; by default nothing is selected.
    11. In the Extended Key Usage field, accept the default; by default nothing is selected.
    12. In the SCEP Server URL field, accept the default; by default this field is blank.
    13. In the CA Certificate Alias field, accept the default; by default this field is blank.
    14. In the CA Identifier field, accept the default; by default this field is blank.
  5. Click Apply.

    AE Services displays the Server Certificate Manual Enrollment Request page, which displays the certificate alias and the certificate request itself in PEM (Privacy Enhanced Mail) format. The certificate request consists of all the text in the box, including the header (-----BEGIN CERTIFICATE REQUEST -----) and the trailer (-----END CERTIFICATE REQUEST-----).

  6. Copy the entire contents of the server certificate, including the header and the trailer. Keep the contents available in the clipboard for the next procedure.