An external user certificate authority (CA) can be entered for PKI
authentication.
About this task
Note: Every CA is associated with a particular domain of authority that is called a realm. To
minimize damage when a CA is compromised, a CA that belongs to one realm is not trusted to issue
certificates for devices or users in other realms, so the security of users or devices that belong
to other realms is not impacted.
Within the system, all devices must belong to a realm that uses the reserved name network. When a
CA is selected to be used for issuing device certificates, the CA is automatically associated with
the network realm. When a CA is used only for issuing user certificates, the name of the realm is
arbitrary and up to the Administrator to select.
Procedure
- Select the Device or User Certificates to be entered.
For a User CA, also enter the Realm, which must be provided by the group
administrator. A Realm allows multiple independent logical PKIs and provides for an extra layer of
security.
- Paste the PEM-encoded X.509 certificate into the prompt field and click Save / Finish.
Two check boxes are seen here. One allows the CA to issue certificates for all devices (Slicestor®, Accesser®, and Manager devices). The second check box allows the CA to issue certificates for
users.
Use the format that is shown here.
-----BEGIN CERTIFICATE-----
MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
. . . .
zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
-----END CERTIFICATE-----
Multiple certificates can be entered by using the Begin and End
delimiters for each certificate separately.
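
A pre-paste check for the certificate text described above, as an added example that is not part of the product documentation: it splits a multi-certificate paste on the Begin and End delimiters, rejects damaged blocks (unbalanced delimiters, invalid base64, truncated DER), and returns each certificate's SHA-256 fingerprint for comparison with the value supplied by the CA owner. The function names are assumptions, the sample input is constructed placeholder DER rather than a real certificate, and only the outer DER framing is checked, not the X.509 fields.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def der_length_ok(der):
    """True if der is exactly one DER SEQUENCE whose declared length matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_bundle(text):
    """Return one SHA-256 fingerprint per certificate; raise ValueError on damage."""
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced BEGIN/END delimiters")
    bodies = BLOCK.findall(text)
    if not bodies or len(bodies) != text.count(BEGIN):
        raise ValueError("no complete certificate block, or nested delimiters")
    prints = []
    for i, body in enumerate(bodies, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"certificate {i}: invalid base64 ({exc})") from None
        if not der_length_ok(der):
            raise ValueError(f"certificate {i}: truncated or not DER")
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def constructed_pem(payload):
    """Constructed sample: DER SEQUENCE around placeholder bytes (< 128), not a real cert."""
    der = bytes([0x30, len(payload)]) + payload
    return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"


if __name__ == "__main__":
    print(check_bundle(constructed_pem(b"A" * 40) + constructed_pem(b"B" * 100)))
```

Text that still contains an elision such as the `. . . .` line in the format sample above is rejected as invalid base64, which is the intended behavior for a certificate that was copied incompletely.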