|
| Working with the M111 |
|
| Managing certificates |
|
|
|
Content and |
|
|
file format | Items carried in the file | Description |
|
|
|
X.509 certificate in | One or more X.509 certificate | Popular format in the Unix |
PEM file |
| world. X.509 DER certificate is |
|
| base64 encoded and placed |
|
| between |
|
| |
|
| and |
|
|
|
|
| lines. Multiple certificates can be |
|
| repeated in the same file. |
|
|
|
ASN.1 DER encoded | One X.509 CRL | Most basic format supported for |
X.509 CRL |
| CRL. |
|
|
|
X.509 CRL in PEM file | One X.509 CRL | Same format as X.509 certificate |
|
| in PEM format, except that the |
|
| lines contain BEGIN CRL and |
|
| END CRL. |
|
|
|
Certificate and private key store
This list displays all certificates installed on the M111. The M111 uses these certificates and private keys to authenticate itself to peers.
The following information is displayed for each certificate in the list:
ID: A sequentially assigned number to help identify certificates with the same common name.
Issued to: Name of the certificate holder. Select the name to view the contents of the certificate.
Issued by: Name of the CA that issued the certificate.
Current usage: Lists the services that are currently using this certificate.
Delete: Select to remove the certificate from the certificate store.
Installing a new private key/public key certificate chain pair
The certificate you install must:
Be in PKCS #12 format.
Contain a private key (a password controls access to the private key).
Not have a name that is an IP address. The name should be a domain name containing at least one dot. If you try to add a certificate with an invalid name, the default certificate is restored.
The name in the certificate is automatically assigned as the domain name of the M111.