Partition Certificates

You can manage the partition certificates to enable secure access to partitions from external application or clients such as plugins or a REST API client using management GUI or command-line interface (CLI).

About this task

Before you create partition certificates, determine how certificates are signed based on your current security requirements. The system supports the following ways to sign partition certificates:
Internally signed certificate
Externally signed certificate
For more information on internally and externally signed certificates, see System Certificates.
Consider the following additional information about certificates:
Root certificate
For more information on root certificates, see System Certificates.
Partition certificate
The system certificate is signed by the system's root CA or a trusted third-party CA. This certificate is presented to other devices such as external applications or clients such as plugins or a REST client, to authenticate the partition and create a secure connection.
The system certificate supports the following key types:
  • RSA 4096
  • RSA 2048
  • ECDSA 521
  • ECDSA 384
SSL protocol level 4 restricts the use of RSA key exchange cipher suites. Therefore, you cannot enable SSL protocol level 4 when using a certificate with an RSA key. Likewise, you cannot generate a certificate with an RSA key if SSL protocol level 4 is set.