A chained personal certificate is a personal certificate
that is created by using another personal certificate to sign it.
This chaining allows a certificate to be signed with a certificate
(a root certificate) that has a long life span. Root certificates
are stored in the DmgrDefaultRootStore or NodeDefaultRootStore.
The server's default personal certificate is a chained certificate
created when the profile is created. Chained certificates can also
be created after profile creation.
Before you begin
You use the administrative console to create a chained personal
certificate.
Procedure
- Click Security > SSL certificate and key management.
- Under Related Items, click Key stores and certificates.
- Click the <keystore name> to which you want
to add the chained personal certificate.
- Under Additional Properties, click Personal certificates.
- Click the Create button and select Chained Certificate.
The listCertificates AdminTask can be used to generate
the list of root certificates available to sign the certificate.
- Fill in the following information in the General Properties
section:
  - Supply an alias name.
  - Select Root certificate from the pull-down list.
  - Key size
  - Common name
  - Validity period
  - Organization
  - Organization Unit
  - Locality
  - State/Province
  - Zip code
  - Country or region
  - Signature algorithm (optional)
  - Key usage (optional)
  - Extended key usage (optional)
  - Subject alternative name email (optional)
  - Subject alternative name DNS name (optional)
  - Subject alternative name IP address (optional)
- Click Apply, then OK.
Results
The certificate is created, signed by the root certificate
specified, and stored in the keystore. Once a chained personal certificate
is created, the certificate can be used by the runtime for SSL communication.
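
The console procedure above can also be scripted with wsadmin in Jython. The following is an added example, not code from the original page or from IBM: it confirms that the chosen root certificate exists in the root store before requesting the chained certificate. It assumes the AdminTask commands listPersonalCertificates and createChainedCertificate with the parameters shown; the cell, node, keystore, alias and host names are placeholders.

```python
import re

# Placeholder values (assumptions): replace with your cell, node and keystore.
SCOPE = "(cell):myCell:(node):myNode"
KEYSTORE = "NodeDefaultKeyStore"
ROOT_STORE = "NodeDefaultRootStore"  # root store named on this page


def root_aliases(admin_task, root_store, scope):
    """Return the aliases of the certificates held in the root keystore."""
    out = admin_task.listPersonalCertificates(
        "[-keyStoreName %s -keyStoreScope %s]" % (root_store, scope))
    # Assumption: each certificate is reported with an "[alias <name>]" attribute.
    return re.findall(r"\[alias ([^\]\s]+)\]", out)


def quote(value):
    """wsadmin splits arguments on spaces, so quote values that contain one."""
    value = str(value)
    if " " in value:
        return '"%s"' % value
    return value


def create_chained(admin_task, alias, common_name, root_alias,
                   key_size=2048, valid_days=365, organization=None):
    """Create a certificate signed by root_alias; return the argument string."""
    if root_alias not in root_aliases(admin_task, ROOT_STORE, SCOPE):
        raise ValueError("no root certificate %r in %s" % (root_alias, ROOT_STORE))
    pairs = [("keyStoreName", KEYSTORE), ("keyStoreScope", SCOPE),
             ("certificateAlias", alias), ("certificateCommonName", common_name),
             ("certificateSize", key_size), ("certificateValidDays", valid_days),
             ("rootCertificateAlias", root_alias)]
    if organization:
        pairs.append(("certificateOrganization", organization))
    arg_string = "[%s]" % " ".join(["-%s %s" % (k, quote(v)) for k, v in pairs])
    admin_task.createChainedCertificate(arg_string)
    return arg_string


# AdminTask and AdminConfig exist only inside wsadmin; do nothing elsewhere.
try:
    AdminTask
except NameError:
    pass
else:
    print(create_chained(AdminTask, "appserver-cert", "host.example.com", "root"))
    AdminConfig.save()  # persist the keystore change to the configuration
```

Inside wsadmin the script creates the certificate and saves the configuration; outside wsadmin the final block is skipped, so the functions can be exercised with a stand-in object.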