Select Certificate Signing, and click OK. On the Add Certificate Extensions window, click the green plus (+) sign to select the type of extension you are adding. The root certificate will be used to sign any intermediate certificates that may be required so you must add an additional extension type (a certificate signing extension). You have now successfully added the required extension. You are taken back to the main Generate Key Pair Certificate configuration screen. Tick the Subject is a CA checkbox, and click OK.īack on the Add Certificate Extensions window, you will see the extension just added. The Basic Constraints Extension window pops up. Select Basic Constraints, and tick the Critical Extensions checkbox. The Add Certificate Extensions window pops up.Ĭlick the green plus (+) sign to select the type of extension you are adding. Remember that in this example, we are generating the server root key pair.Ĭlick Add Extensions. Ask for guidance from your Hub Operator.Īdd the required extensions for the type of key you are generating. NOTE: The required signature algorithm may differ as per your scheme’s requirements. Verify that Signature Algorithm is set to SHA-256 with RSA. The examples shown may have different validity periods, but the general best practice is to have the root valid for 10 years, the intermediate level for 5 years, and the lowest level for 1 year.Īlso note that the Hub Operator may have specific requirements that differ from these "defaults". The Generate Key Pair Certificate window pops up. NOTE: The required algorithm and key size may differ as per your scheme’s requirements. Select RSA as the algorithm and specify the key size to be 4096. A window pops up where you can specify the Algorithm to use, as well as the Key Size. Click the icon with the two golden keys and a green plus (+) sign.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |