Create or Identify a KeySecure Server Certificate

After you have created a local certificate authority with its corresponding CA certificate, you can use that certificate to sign the KeySecure server certificate. You can use the KeySecure management console or another tool to create the server certificate, but you must have an active CA-signed server certificate to establish SSL connections with client services. To create the server certificate, you must create a certificate request and sign the request with the local CA. The steps in this section describe how to create a server certificate signed by the local certificate authority using the KeySecure management console.

To create a server certificate:

  1. On the Security tab, under Device CAs and SSL Certificates, click SSL Certificates.

  2. Under Create Certificate Request on the Certificate and CA Configuration page, enter the appropriate information for all fields.

  3. Click Create Certificate Request.

The request appears in the certificate list with a status of Request Pending.

  1. Select the request, then click Properties.

  2. Copy all of the certificate request text starting with ‑‑‑‑‑BEGIN CERTIFICATE REQUEST‑---- through the ‑‑‑‑‑END CERTIFICATE REQUEST----- string.

Do not copy any extra white space.

  1. Under Device CAs and SSL Certificates, click Local CA.

  2. In the Local Certificate Authority List, select the local CA, then click Sign Request.

  3. Paste the certificate request into the Certificate Request field.

  4. Select Server as the certificate purpose, specify a certificate duration, then click Sign Request.

The newly-activated certificate displays on a new page.

  1. Copy the certificate text starting with ‑‑‑‑‑BEGIN CERTIFICATE‑---- through the ‑‑‑‑‑END CERTIFICATE----- string.

  2. Under Device CAs and SSL Certificates, click SSL Certificates.

  3. Select the server certificate request, then click Properties.

  4. Click Install Certificate.

  5. Paste the text from the signed certificate into the Certificate Response field, then click Save.

When you return to the main Certificate and CA Configuration page, the server certificate is now an active certificate. It can be used in to establish SSL connections with client services.