The Command bar of the PKI management window contains the different commands that can be issued for the certificate or the CA selected.
The available commands are:
Note It is possible to multi-select a number of certificates for this activity, that is to sign multiple internal CAs or CSRs at once.
Tip It is recommended to regenerate the keys as well when refreshing a certificate for any reason.
MS distributes certificate entities, that is, when distributing certificates the corresponding CRLs are automatically distributed as well.
: It is available only for CAs. The CRL of the CA is valid until the time specified. The refreshed CRL will only be used on the managed hosts after distribution.Note Self-signed certificates (that is, certificates of local root CAs) cannot be revoked.
Note It is possible to multi-select a number of certificates for the Revoke activity. However, if the Issuer of the selected certificates is not the same, the Revoke button will not be active.
Note If any certificate selected for Revoke is in use in the current configuration, a warning will be displayed to inform the administrator. It is important that in case a certificate is in use, it cannot be revoked. If the certificate in use is part of a multiple selection of certificates for the Revoke activity, none of the selected certificates will be revoked.
If any of the certificates selected for Revoke is used in the configuration, a similar warning is displayed:
The table below briefly summarizes the CAs created and used by default in PNS.
Name of the CA | Purpose |
---|---|
MS_Root_CA
| The Root CA of PNS is used to sign certificates of all other local CAs in PNS. |
MS_Engine_CA
| It signs the certificate of the MS engine. |
MS_Agent_CA
| It signs the certificates of the transfer agents. |
Table 11.1. Default CAs and their purpose
For details on configuring agent and engine certificates, please refer to Chapter 13, Advanced MS and Agent configuration.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu