User Information and Usage Information
- User Alias
- An arbitrary name for the certificate (for example, CLEO)
- Common Name
- A user name for client-style certificates; a fully qualified computer name (or
registered IP address) for server-style certificates (for example,
cleo.com). This field may be completed when importing OpenPGP
or SSH FTP keys.
- Email
- Administrator email address, for example, user@cleo.com. This
field may be completed when importing OpenPGP or SSH FTP keys.
- Organization Unit
- This could be a company department (for example, Cleo
Engineering, or Cleo Production)
- Organization
- Official company name (for example, Cleo Communications, Inc.)
- City
- Complete city name (for example, Loves Park)
- State
- State name (for example, Illinois)
- Country
- Two characters (for example, US). Select from pull-down
menu.
- Signature Algorithm
- One of MD5, SHA-1, SHA-256, SHA-384, or SHA-512.
- SHA-256 is recommended for RSA certificates.
- SHA-1 is the only valid signature algorithm for DSA certificates.
- The appropriate algorithm is configured and this field is disabled after importing
OpenPGP or SSH FTP keys.
- DigitalSignature
- Set if certificate is to be used for SSL client or signing. This field should
generally be checked for AS2, AS3, or ebMS.
- KeyEncipherment
- Set if certificate is to be used for SSL server or encryption. This field should
generally be checked for AS2, AS3, or ebMS.
- clientAuth
- Set if certificate is to be used for TLS client. Not applicable to AS2, AS3, or
ebMS.
- serverAuth
- Set if certificate is to be used for TLS server. Not applicable to AS2, AS3, or
ebMS.
- Subject Key Identifier
- Set if the Subject Key Identifier extension is to be generated. This extension is
used as a means of identifying the particular public key being used.
- Valid For
- The number of months that this certificate will be valid. By default, it is set to
24 months, but may be increased up to 96 months.
Generate Private
Used to generate a new public/private key pair.
- Private Key Size
- 512, 1024, 2048, 3072 or 4096 for RSA certificates. 512 or 1024 for DSA certificates.
The larger the key size, the stronger the encryption; however, depending on your
platform and/or CPU speed, generating certificates with private key sizes greater than
2048 bits may take several minutes. (2048 is the default for RSA certificates. 1024 is
the default for DSA certificates.)
- Algorithm
- Defaults to RSA, which is the de facto standard. DSA is also available.
- Private Key Password
- This is an arbitrary password. This password can be any combination of letters,
numbers, or special characters, but cannot start with an asterisk (*).
- Confirm Password
- Re-enter the private key password.
- Encryption Sub-key Size
- 1024, 2048, or 4096-bit OpenPGP encryption sub-key size. Enabled when the Generate
OpenPGP checkbox is selected. This is only necessary if you wish to generate a
certificate to be used for OpenPGP encryption and an encryption sub-key is required.
- OpenPGP Key Does Not Expire
- When selected, the generated OpenPGP key will never expire. Otherwise, the OpenPGP key
will expire when the User Certificate expires. Enabled when the Generate OpenPGP
checkbox is selected.
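The limits stated in the User Information and Generate Private fields above can be checked before a certificate is generated. The following is an added example, not part of the product or its documentation; the dictionary keys and the `protocol` field are hypothetical names, and the two RSA warnings are a review-policy assumption built on the page's SHA-256 recommendation and 2048-bit default.

```python
# Added example: pre-flight check of certificate settings against the limits
# stated in the field reference above. The dict keys are hypothetical names.
SIG_ALGS = {"MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"}
KEY_SIZES = {"RSA": {512, 1024, 2048, 3072, 4096}, "DSA": {512, 1024}}
MAX_MONTHS = 96

def check_request(req):
    """Return (errors, warnings) for a dict describing the dialog's fields."""
    errors, warnings = [], []
    alg, sig, size = req["algorithm"], req["signature_algorithm"], req["key_size"]
    if alg not in KEY_SIZES:
        errors.append(f"algorithm {alg!r} is not RSA or DSA")
    elif size not in KEY_SIZES[alg]:
        errors.append(f"{size}-bit keys are not offered for {alg}")
    if sig not in SIG_ALGS:
        errors.append(f"signature algorithm {sig!r} is not offered")
    elif alg == "DSA" and sig != "SHA-1":
        errors.append("SHA-1 is the only valid signature algorithm for DSA")
    if len(req["country"]) != 2:
        errors.append("country must be two characters")
    if req["valid_months"] > MAX_MONTHS:
        errors.append(f"validity may not exceed {MAX_MONTHS} months")
    if req["password"].startswith("*"):
        errors.append("private key password cannot start with an asterisk")
    # Page guidance: both usage flags should generally be set for AS2/AS3/ebMS.
    if req.get("protocol") in {"AS2", "AS3", "ebMS"}:
        for flag in ("DigitalSignature", "KeyEncipherment"):
            if flag not in req["usage"]:
                warnings.append(f"{flag} should generally be checked for {req['protocol']}")
    # Assumption (review policy, not a product rule): flag RSA settings weaker
    # than the page's SHA-256 recommendation and 2048-bit default.
    if alg == "RSA" and sig in {"MD5", "SHA-1"}:
        warnings.append(f"{sig} is weaker than the recommended SHA-256")
    if alg == "RSA" and size in KEY_SIZES["RSA"] and size < 2048:
        warnings.append(f"{size}-bit RSA key is below the 2048-bit default")
    return errors, warnings

# Constructed sample requests (not taken from any real system).
RECOMMENDED = {"algorithm": "RSA", "signature_algorithm": "SHA-256", "key_size": 2048,
               "country": "US", "valid_months": 24, "password": "example-pass",
               "usage": {"DigitalSignature", "KeyEncipherment"}, "protocol": "AS2"}
LEGACY = dict(RECOMMENDED, signature_algorithm="MD5", key_size=1024, usage=set())
INVALID = dict(RECOMMENDED, algorithm="DSA", country="USA", valid_months=120,
               password="*secret")

if __name__ == "__main__":
    for name, req in (("RECOMMENDED", RECOMMENDED), ("LEGACY", LEGACY), ("INVALID", INVALID)):
        print(name, check_request(req))
```

Errors are combinations the field reference rules out; warnings are settings it allows but that fall short of its recommendation or default.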
Import OpenPGP
Used to import an existing key for OpenPGP encryption.
- OpenPGP Key
- OpenPGP secret key. Browse for or type the OpenPGP filename.
- Private Key Password
- This must be the same password as the existing key.
SSH FTP Key
Used to import an existing key for SSH FTP authentication. Enter the following
information and click Import to read the key information. The Common
Name and Email fields will be completed using the key information.
- SSH FTP Key
- SSH FTP private key. Browse for or type the SSH filename.
- Private Key Password
- This must be the same password as the existing key.