®
USER’S GUIDE
Battery Management System
131
Create a Root Certificate & Server Certificates
Summary
Use this procedure if your company or agency does not have its own
Certificate Authority and you do not want to use a commercial
Certificate Authority to sign your server certificates.
• Create a CA root certificate that will be used to sign all server
certificates to be used with Battery Management Systems. During this
task, two files are created.
– The file with the .p15 extension is an encrypted file which contains
the Certificate Authority’s private key and public root certificate. This
file signs the server certificates.
– The file with the .crt extension, which contains only the Certificate
Authority’s public root certificate. You load this file into each Web
browser that will be used to access the Battery Management
System so that the browser can validate the server certificate of the
Management Card.
• Create a server certificate, which is stored in a file with a .p15
extension. During this task, you are prompted for the CA root certificate
that signs the server certificate.
• Load the server certificate onto the Battery Management System.
• For each Battery Management System that requires a server
certificate, repeat the tasks that create and load the server certificate.
The public RSA key that is part of a certificate generated by
the APC Security Wizard is 1024 bits. (The default key
generated by the Management Card, if you do not use the
Wizard, is 768 bits.)