5If you override the defaults, provide the following information in the next few screens:

ÂÂ A unique serial number for the root certificate

ÂÂ The number of days the CA functions before expiring

ÂÂ The type of user certificate this CA is signing

ÂÂ Whether to create a CA website for users to access for CA certificate distribution

6Click Continue.

7Provide the Certificate Assistant with the requested information and click Continue.

You need the following information to create a CA:

ÂÂ An email address of the responsible party for certificates

ÂÂ The name of the issuing authority (you or your organization) ÂÂ The organization name

ÂÂ The organization unit name

ÂÂ The location of the issuing authority

8Select a key size and an encryption algorithm for the CA certificate and then click

Continue.

A larger key size is more computationally intensive to use, but much more secure. The algorithm you choose depends more on your organizational needs than a technical consideration.

DSA and RSA are strong encryption algorithms. DSA is a United States Federal Government standard for digital signatures.

9Select a key size and an encryption algorithm for the certificates to be signed, and then click Continue.

10Select the Key Usage Extensions you need for the CA certificate and then click

Continue.

At a minimum, you must select Signature and Certificate Signing.

11Select the Key Usage Extensions you need for the certificates to be signed and then click Continue.

Default key use selections are based on the type of key selected earlier in the Assistant.

12Specify other extensions to add the CA certificate and click Continue.

13Select the keychain “System” to store the CA certificate.

14Choose to trust certificates on this computer signed by the created CA.

15Click Continue and authenticate as an administrator to create the certificate and key pair.

16Read and follow the instructions on the last page of the Certificate Assistant. You can now issue certificates to trusted parties.

Chapter 4    Enhancing Security

67

Page 67
Image 67
Apple 10.6 manual Enhancing Security