Generating a Key and Certificate Signing Request (CSR)
Because certificates generated on the machine do not have a CA signature, a communication error may result depending on devices it communicates with. To have the certificate authority issue the certificate with the CA signature, you need to obtain data of CSR (Certificate Signing Request), which the administrator can generate from Remote UI. When the certificate is issued, register it in the key with the CSR generated.
Generating a Key and CSR
1
Start the Remote UI and log in to System Manager Mode.
Starting Remote UI2
Click [Settings/Registration] on the Portal page.
Remote UI Screen3
Select [Device Management]
[Key and Certificate Settings].
4
Click [Generate Key].
Deleting a registered key and certificate
Click [Delete] on the right of the key and certificate you want to delete
click [OK].
A key and certificate cannot be deleted if it is currently used for some purpose, such as when "[TLS]" or "[IEEE 802.1X]" is displayed under [Key Usage]. In this case, disable the function or replace the key and certificate before deleting it.
5
Select [Key and Certificate Signing Request (CSR)] and click [OK].
6
Specify settings for the key and CSR.
[Key Settings] [Key Name]
Enter alphanumeric characters for naming the key. Set a name that will be easy for you to find later in a list.
[Signature Algorithm]
Select the signature algorithm from the drop-down list.
[Key Algorithm]
Select the key generation algorithm from [RSA] or [ECDSA], then select the key length from the drop-down list. In any case, the larger the number for the key length is, the slower the communication becomes. However, the security becomes tighter.
| | When [SHA384] or [SHA512] is selected in [Signature Algorithm], [512-bit] cannot be selected as the key length when [RSA] is selected in [Key Algorithm]. |
[Certificate Signing Request (CSR) Settings] [Country/Region]
Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US" for the United States.
[State]/[City]
Enter alphanumeric characters for the location as necessary.
[Organization]/[Organization Unit]
Enter alphanumeric characters for the organization name as necessary.
[Common Name]
Enter alphanumeric characters for the common name of the certificate as necessary. "Common Name" is often abbreviated as "CN."
7
Click [OK].
Generating a key and CSR may take some time.
8
Click [Store in File].
A dialog box for storing the file appears. Choose where to store the file and click [Save].
The CSR file is stored on the computer.
9
Attach the stored file and submit the application to the certification authority.
Registering a Certificate to a Key
The key with the CSR generated cannot be used until the certificate issued from the certificate authority based on the CSR is registered in the key. Once the certification authority has issued the certificate, register it using the procedure below.
1
Start the Remote UI and log in to System Manager Mode.
Starting Remote UI2
Click [Settings/Registration] on the Portal page.
Remote UI Screen3
Select [Device Management]
[Key and Certificate Settings].
4
Click [Key Name] or [Certificate] required to register the certificate.
5
Click [Register Certificate].
6
Click [Browse], specify the file for the certificate signing request, and click [Register].
LINKS