VersaLex provides functionality for managing digital certificates and private keys. It facilitates:
When invoked through VersaLex during SSL negotiation, it also is used to:
An X.509 certificate is equivalent to an ID card. It identifies a subject (entity) and an issuer (signer). If the subject and issuer are the same, the certificate is said to be self-signed.
The certificate infrastructure includes a public/private key pair for encryption. The public key is encapsulated in the digital certificate and is shared with trading partners. The private key is kept secret. Only the private key can be used to decrypt what has been encrypted by trading partners using the public key. A certificate and its public/private key pair can also be used as a digital signature.
Certificates are grouped into three categories:
Connecting a certificate's issuer CA to the next certificate's subject CA forms the chain. If a certificate's issuer CA cannot be found, the chain is incomplete. If a host requests the user certificate during SSL negotiation prior to a file transfer, the certificate chain, whether complete or not, is built and sent. Depending on the host, an incomplete chain may or may not affect the success of transfers.
For your convenience, VersaLex comes installed with an assortment of trusted VeriSign intermediate and root CA certificates and a trusted RSA root CA certificate.
All the certificates currently stored in Certificate Manager are listed directly under each store type (with a certificate icon). Certificate Manager builds and displays certificate chains starting in the users and trusted intermediate CA certificate store trees. The certificates listed in these chains (with no icon) are references to a stored intermediate or root CA certificate.
If a chain is incomplete, the chain terminates with a ? Not Found and the certificates in the chain are colored orange. If the issuer CA certificate is found but the signature is not valid, the chain is also considered incomplete. If signature verification is not an issue, it can be turned off by clearing Check Certificate Issuer's CA Signature.
If a certificate is not yet valid or is expired, the certificate is colored red. If validity is not an issue, it can be turned off by clearing Check Certificate Validity Period. When a certificate or a certificate chain is colored red or orange, or is marked with an icon, additional tool-tip information is also provided.
The action items available at any given time from Certificates in the menu bar, the toolbar, and the right-click menus are dependent on the current selection in the tree pane.
Action items for adding a new certificate (e.g. generate user certificate, import) are enabled depending on the store type selected.
Action items for manipulating an existing certificate (e.g. generate CSR, replace, export, remove) are enabled depending on the certificate selected.
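The chain rules described earlier on this page (issuer linked to the next subject, a missing or badly signed issuer making the chain incomplete, and the separate validity-period check) can be sketched as follows. This is an added example, not VersaLex code: certificates are modeled as plain records, all names are hypothetical, and the `key_id`/`signer_key_id` comparison is a stand-in for real public-key signature verification.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    key_id: str         # stand-in for the subject's public key
    signer_key_id: str  # stand-in for the key that signed this certificate

def build_chain(leaf, ca_store, now, check_signature=True, check_validity=True):
    """Return (chain, status, problems); status is 'complete' or 'incomplete'."""
    by_subject = {c.subject: c for c in ca_store}
    chain, problems, seen = [leaf], [], {leaf.subject}
    cert = leaf
    while True:
        # Validity is reported per certificate and does not end the chain.
        if check_validity and not (cert.not_before <= now <= cert.not_after):
            problems.append(f"{cert.subject}: outside validity period")
        # A self-signed certificate is its own issuer.
        issuer = cert if cert.issuer == cert.subject else by_subject.get(cert.issuer)
        if issuer is None:
            return chain, "incomplete", problems + [f"{cert.issuer}: issuer not found"]
        if check_signature and cert.signer_key_id != issuer.key_id:
            return chain, "incomplete", problems + [f"{cert.subject}: bad issuer signature"]
        if issuer is cert:          # reached a self-signed root
            return chain, "complete", problems
        if issuer.subject in seen:  # guard against issuer loops
            return chain, "incomplete", problems + [f"{issuer.subject}: issuer loop"]
        seen.add(issuer.subject)
        chain.append(issuer)
        cert = issuer

# Constructed sample data (hypothetical names, not real certificates).
UTC = timezone.utc
def make_cert(subject, issuer, key, signer, start=2020, end=2040):
    return Cert(subject, issuer, datetime(start, 1, 1, tzinfo=UTC),
                datetime(end, 1, 1, tzinfo=UTC), key, signer)

NOW = datetime(2030, 6, 1, tzinfo=UTC)
ROOT = make_cert("CN=Example Root CA", "CN=Example Root CA", "k-root", "k-root")
INTER = make_cert("CN=Example Issuing CA", "CN=Example Root CA", "k-int", "k-root")
USER = make_cert("CN=partner.example", "CN=Example Issuing CA", "k-user", "k-int")
```

Calling `build_chain(USER, [INTER], NOW)` shows the incomplete case: the chain stops at the intermediate because the root is not in the store.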