Creating identification credentials

Identification credentials represent a key pair that consists of a private key and a public certificate. Identification credentials can be used for TLS authentication.

About this task

Identification credentials define the keystore. Identification credentials provide the certificate that identifies the endpoint, which is either the TLS server or client profile, to its remote peer.
  • The TLS standard requires a TLS server to authenticate itself to a remote TLS client.
  • The TLS standard allows a TLS server to authenticate the remote client peer. While TLS servers typically do not require client identification, you must define identification credentials for the client when mutual TLS is used.

Beyond authentication, identification credentials are used for document encryption, document decryption, and digital signature operations.

Attention: When a certificate alias in this configuration is in the down operational state, this configuration is also in the down operational state.

Procedure

  1. In the search field, enter identification.
  2. From the search results, click Identification credentials.
  3. Click Add.
  4. Define the basic properties: Name, administrative state, and comments.
  5. From the Key list, select the key.
  6. From the Certificate list, select the certificate.
  7. Optional: With the Intermediate CA certificate list, manage intermediate certificates.

    Intermediate CA certificates might be necessary when the CA that is signing this certificate is not widely recognized. If the intermediate CA certificate is also signed by a less recognized CA, another intermediate CA certificate might be necessary for that CA. You can specify up to 10 intermediate certificates.

    If necessary, use the list of available certificate aliases to establish a verifiable trust chain. A trust chain consists of one or more certificate authority (CA) certificates. A trust chain provides a linked path from certificates in the identification credentials to a CA that is trusted by a remote DataPower® Gateway. The trust chain enables the DataPower Gateway to authenticate the certificate.

  8. Click Apply to save changes to the running configuration.
  9. Click Save to save changes to the persisted configuration.