11.3.7.2. Procedure – Creating a new CA

  1. Navigate to the Trusted CAs tab of the PKI/Edit certificates menu, and click on New CA.

    Figure 11.10. The Trusted CAs command bar

  2. Enter the required parameters for the subject of the new CA's certificate. It is recommended to give a descriptive common name to the CA, to make it easier to remember its function.

    Figure 11.11. Creating a new CA

  3. Select the public-key algorithm and key length to be used for the CA's signing key.

    Tip

    The key of the CA certificate should be at least as long as the keys in the certificates it will issue, and preferably longer: for example, if the CA will sign certificates with 2048-bit RSA keys, use a 3072- or 4096-bit key for the CA certificate itself. 1024-bit RSA keys are no longer considered adequate for any certificate and should not be issued at all.

  4. Select the signature digest (hash) method to be used.

    Tip

    Use the strongest digest the dialog offers, that is SHA-256 or another SHA-2 digest where available. SHA-1 is no longer considered collision resistant and certificates signed with it are rejected by much current TLS software, so it should only be selected if nothing stronger is offered; the additional computation cost of SHA-256 is negligible for CA operations.

  5. Provide a password to protect the private key of the CA. This is required so that only authorized users can sign certificates.

  6. Click on Extensions ..., and specify the purposes for which the certificate will be used.

    Figure 11.12. Specifying extensions

    Note

    Extensions are optional in this dialog, but a CA certificate without a basicConstraints extension set to CA:TRUE (and a keyUsage extension permitting certificate and CRL signing) is rejected as an issuer by most current certificate validators, so these extensions should be set for every new CA.

  7. When creating a local root CA, check the Generate self-signed certificate checkbox and specify the validity period of the certificate.

    Tip

    If the CA is to be available on every site managed, do not forget to check the appropriate checkbox when creating the New CA.

    Warning

    Making a CA certificate available on all sites cannot be reversed, that is, once a CA has been made available on all sites, it cannot later be limited to a single site.
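The same decisions that the dialog above asks for (key algorithm and length, signature digest, a password-protected private key, CA extensions, and a self-signed certificate with a validity period) carried out with the OpenSSL command line, followed by the checks a practitioner would run on the result. This is an added example and not part of the original documentation or the product; the working directory, password, subject, 4096-bit key and ten-year validity are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: create and check a self-signed root CA with OpenSSL.
# Not part of the original documentation. Directory, password, subject,
# key size and validity below are assumptions chosen for the example.
set -eu

CA_DIR="${CA_DIR:-${TMPDIR:-/tmp}/example-root-ca}"        # assumed working directory
CA_PASS="${CA_PASS:-change-me-before-use}"                 # assumed key password (step 5)
CA_SUBJ="/C=HU/O=Example Ltd/CN=Example Internal Root CA"  # assumed subject (step 2)
CA_BITS=4096   # step 3: longer than the 2048-bit keys this CA is meant to issue
CA_DAYS=3650   # step 7: validity period of the self-signed certificate

# Step 6: the extensions a CA certificate should carry. basicConstraints
# CA:TRUE is what makes validators accept this certificate as an issuer.
write_ca_config() {
    cat > "$CA_DIR/ca.cnf" <<'EOF'
[req]
distinguished_name = req_dn
prompt = no

[req_dn]
# fallback only; the -subj argument on the command line takes precedence
CN = Example Internal Root CA

[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

create_root_ca() {
    mkdir -p "$CA_DIR"
    chmod 700 "$CA_DIR"
    write_ca_config
    # Steps 3 and 5: RSA key, encrypted with AES-256 under the password.
    # "pass:" exposes the password on the command line (visible in ps);
    # real deployments should use the "file:" or "env:" forms instead.
    openssl genrsa -aes256 -passout "pass:$CA_PASS" \
        -out "$CA_DIR/ca.key" "$CA_BITS" 2>/dev/null
    chmod 600 "$CA_DIR/ca.key"
    # Steps 4, 6 and 7: self-signed certificate, SHA-256 signature, CA extensions.
    openssl req -new -x509 -sha256 -days "$CA_DAYS" \
        -key "$CA_DIR/ca.key" -passin "pass:$CA_PASS" \
        -subj "$CA_SUBJ" \
        -config "$CA_DIR/ca.cnf" -extensions ca_ext \
        -out "$CA_DIR/ca.crt"
}

# Checks on the result; returns non-zero on the first failure.
check_root_ca() {
    ca_text=$(openssl x509 -in "$CA_DIR/ca.crt" -noout -text)
    case "$ca_text" in
        *"CA:TRUE"*) ;;
        *) echo "missing basicConstraints CA:TRUE"; return 1 ;;
    esac
    case "$ca_text" in
        *sha256WithRSAEncryption*) ;;
        *) echo "certificate is not signed with SHA-256"; return 1 ;;
    esac
    case "$ca_text" in
        *"Certificate Sign"*) ;;
        *) echo "missing keyCertSign key usage"; return 1 ;;
    esac
    # A self-signed root must validate as its own trust anchor.
    openssl verify -CAfile "$CA_DIR/ca.crt" "$CA_DIR/ca.crt" >/dev/null || return 1
    # The private key must be unusable without the password and usable with it.
    if openssl rsa -in "$CA_DIR/ca.key" -passin pass:wrong-password -noout 2>/dev/null; then
        echo "private key is not password protected"; return 1
    fi
    openssl rsa -in "$CA_DIR/ca.key" -passin "pass:$CA_PASS" -noout 2>/dev/null
}

create_root_ca
check_root_ca
echo "root CA created and checked in $CA_DIR"
```

The extension checks in check_root_ca are the ones worth repeating on a CA certificate exported from the GUI: a certificate that passes `openssl verify` against itself but lacks CA:TRUE or keyCertSign will still fail to validate any certificate it issues.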