SSL (Secure Sockets Layer) is a cryptographic protocol that secures the connection between a client and a server. The protocol ensures the confidentiality of data exchanged between a client and a server over TCP/IP, and it uses an asymmetric algorithm with a public key for encryption. Public-key encryption requires two keys, and either one of them can be used to encrypt a message. If one key is used for encryption, the other is used for decryption. This lets you receive protected messages by publishing the public key for anyone to use and keeping the other key secret. For SSL to work, the server must have an SSL certificate.

A digital certificate is a digital or analog document, issued by a certification authority, which confirms that its owner holds a public key or certain attributes. It works the following way:

  1. The client initiates the connection.
  2. The server sends a digital certificate in response. If client authentication is required, the server can ask for the client’s certificate as well.
  3. The client checks the server’s ID and, if needed, sends its own ID as well.
  4. After authentication, the client sends the server a session key, which is encrypted with the server’s public key.
  5. Using this key, the protected connection is established and the data stream between client and server starts.

In the “Certificates” section there is a list of all SSL-certificates that ICS CUBE uses.

As usual, the list is shown as a tree, and the module is divided into columns that contain the main information about the certificates: the key type of the parent certificate, the start and expiration dates of the validity period, and the hostname (or IP address) that the certificate represents. You can export created certificates or import external ones using the “Export” and “Import” buttons, and see full information about a certificate with the “View certificate” button.

Creating certificates

To create a new SSL-certificate, press “Add” - “Certificate”.

First you need to fill in the certificate information: name, country code, location, information about the organisation, and hostname or IP address. Then, in the “Settings” tab, you define the certificate role (CA (root) or end), the ciphering method, the duration and the key length in bits. Important: the root certificate must always be created first, and end-user certificates after it! ICS CUBE services (except SSL-filtering) use only end-user certificates. Please note that incorrect certificate usage may make these services unavailable to users!

After that, go to the “Key use” tab and choose the appropriate template from the list. The template automatically sets all the certificate parameter flags for the role you choose. If you are an experienced system administrator, you can set the flags yourself. The “Netscape” tab lets you set additional Netscape extensions for the certificate.

After you press the “Add” button, ICS CUBE will offer to protect the key with a password. You can either set a password or choose not to use one.

Important: for ICS CUBE services only certificates without passwords are used.
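
The order described above (root certificate first, then an end certificate whose key has no password), shown with the OpenSSL command line as an added example; this is not ICS CUBE's own code, and the subject names, the host name `cube.example.test` and the file names are constructed. The three check functions at the end report the role, the chain and the key protection of a certificate, which is what you would want to confirm before using “Import”.

```shell
# Added example; subject names, host name and file names are constructed.
set -eu
W=$(mktemp -d)
# Extension profiles for the two roles: CA (root) and end certificate.
cat > "$W/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[end_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:cube.example.test
EOF

make_root() {   # step 1: self-signed root; -nodes leaves the key unencrypted
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -config "$W/ext.cnf" -extensions root_ext \
        -subj "/C=US/O=Example Org/CN=Example Root CA" \
        -keyout "$W/root.key" -out "$W/root.crt" 2>/dev/null
}
make_end() {    # step 2: end certificate, signed by the root key
    openssl req -new -newkey rsa:2048 -nodes -config "$W/ext.cnf" \
        -subj "/C=US/O=Example Org/CN=cube.example.test" \
        -keyout "$W/end.key" -out "$W/end.csr" 2>/dev/null
    openssl x509 -req -in "$W/end.csr" -CA "$W/root.crt" -CAkey "$W/root.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$W/ext.cnf" \
        -extensions end_ext -out "$W/end.crt" 2>/dev/null
}
cert_role() {   # prints CA or end, read from basicConstraints
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
    then echo CA; else echo end; fi
}
key_protection() {  # prints password or none, from the PEM header lines
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
    then echo password; else echo none; fi
}
chain_status() {    # prints ok if the certificate verifies against the root
    if openssl verify -CAfile "$W/root.crt" "$1" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

make_root && make_end
echo "root=$(cert_role "$W/root.crt") end=$(cert_role "$W/end.crt")" \
     "end-key=$(key_protection "$W/end.key") chain=$(chain_status "$W/end.crt")"
```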

