11.3.7.1. The command bar

The command bar contains various operations that can be performed with CAs. Some of them require a CA to be selected in the information window; in that case, the operation is performed on the selected CA.

  • New CA: Create a new local Certificate Authority. For details, see Procedure 11.3.7.2, Creating a new CA.

  • Import: Import a CA certificate from a PEM, DER, or PKCS12 formatted file.

  • Export: Export the certificate of the selected CA into a file in PEM, DER, or PKCS12 format. The PKCS12 format is only available for internal CAs.

  • Owner: A CA available on a site can be made available on all sites managed by MS by clicking this button and checking the Available on all sites checkbox. This has the same effect as checking the corresponding checkbox when creating a new CA.

    Warning

    This operation cannot be reversed or undone.

  • Self sign: Self-sign the CSR of the selected local CA. Only certificates not yet signed by a CA can be self-signed.

    Note

    Local root CAs can be created by self-signing a not yet signed CSR of a Trusted CA.

  • CRL settings: Set the parameters for refreshing the CRL of the selected external CA. Parameters to set are:

    • Refresh base: The time at which retrieval of the CRL starts.

    • Refresh interval: How often the CRL is retrieved.

      By setting the Refresh base to 00:00 and the Refresh interval to 04:00, the CRL will be downloaded every four hours, starting from midnight.

    • Refresh URL: Location of the CRL to be retrieved. The CRL can be downloaded through HTTP.

      Note

      It is very important to set the refresh URL, otherwise the validity of the certificates issued by the CA cannot be reliably verified. The CRL should be downloaded and automatically distributed regularly.

    • File format: File format of the CRL to be downloaded (PEM or DER).

  • Password: Change the password of the selected local CA.

  • Revoke: Revoke the certificate of the selected local CA that was signed by another local CA. Self-signed CA certificates cannot be revoked this way. For details, see Procedure 11.3.8.3, Revoking a certificate.

  • Delete: Delete the selected certificate. For details, see Procedure 11.3.8.4, Deleting certificates.
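
The Refresh base and Refresh interval parameters under CRL settings define a retrieval schedule. The following added example (not part of the product or its documentation) computes the next retrieval time and flags a cached CRL whose nextUpdate falls before it, which would leave a window with a stale revocation list. The function names are hypothetical, the nextUpdate value is assumed to have been read from the downloaded CRL already, and the schedule is assumed to be Refresh base plus whole multiples of Refresh interval.

```python
from datetime import datetime, timedelta, timezone

def parse_hhmm(value):
    """Turn an HH:MM setting such as '04:00' into a timedelta."""
    hours, minutes = value.split(":")
    return timedelta(hours=int(hours), minutes=int(minutes))

def next_refresh(now, base, interval):
    """First scheduled retrieval strictly after `now`.

    Assumption: retrievals happen at base + k * interval, anchored at the
    most recent occurrence of the Refresh base time of day.
    """
    step = parse_hhmm(interval)
    if step <= timedelta(0):
        raise ValueError("Refresh interval must be positive")
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    anchor = midnight + parse_hhmm(base)
    if anchor > now:
        anchor -= timedelta(days=1)
    return anchor + ((now - anchor) // step + 1) * step

def crl_coverage(now, next_update, base, interval):
    """Classify a cached CRL against the refresh schedule.

    Returns (status, upcoming, gap):
      'expired' - nextUpdate has already passed
      'gap'     - the CRL expires before the next scheduled retrieval
      'ok'      - the CRL stays current until it is replaced
    """
    upcoming = next_refresh(now, base, interval)
    if next_update <= now:
        return "expired", upcoming, upcoming - now
    if next_update < upcoming:
        return "gap", upcoming, upcoming - next_update
    return "ok", upcoming, timedelta(0)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real CA.
    now = datetime(2024, 1, 10, 9, 30, tzinfo=timezone.utc)
    samples = {
        "short-lived CRL": datetime(2024, 1, 10, 11, 0, tzinfo=timezone.utc),
        "daily CRL": datetime(2024, 1, 11, 0, 0, tzinfo=timezone.utc),
    }
    for label, next_update in samples.items():
        status, upcoming, gap = crl_coverage(now, next_update, "00:00", "04:00")
        print(f"{label}: {status}, next retrieval {upcoming:%H:%M}, gap {gap}")
```

A 'gap' or 'expired' result means the Refresh interval is longer than the CA's CRL validity period allows and should be shortened.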