The Create Certificate option allows creating a new certificate in the system. Clicking the button will open the Make New Certificate page, which is very similar to the regular request editing page. The buttons at the bottom of the page are different, as only the Proceed and Cancel buttons are available.
This option can be used to create CA certificates, for example. See Section Creating a New Certification Authority.
Most fields on this page correspond to those on the Certification Request page. See Processing Requests. Fill in data as necessary.
The validity period defaults to the current time. At least the Not after field should be changed to a later value.
Key generation parameters can be adjusted by clicking Set Key Generation Parameters. This opens the Key Generation / Import page. On this page, Key Provider Type, Key type, and Key size can be selected. If a hardware security module (HSM) is used, additional settings are available. See Section CA Private Key Options. Clicking Continue will return to the Make New Certificate page.
The CRL distribution point extension is usually added to the certificate in the policy processing stage by the issuing CA. However, certificate creation through the Create Certificate option bypasses all CA policies. Thus, the CRL distribution point needs to be explicitly added when creating the certificate. Selecting From Issuing CA Configuration adds the CRL distribution extension to the certificate. Selecting Static URI allows a URI to be entered in the text box.
Clicking the Proceed button will start the key and certificate creation.
Creating a CA Certificate
On all CA certificates, the Basic Constraints extension must be set with the CA flag set. The path length can be used to control whether this CA can issue other CA certificates. Path length is the maximum number of CA certificates that can be located under this certificate in path validation. Setting this value to zero means that this CA can issue only end-user certificates.
If the Make New Certificate page was accessed from CA creation, clicking Proceed will return the operator to the CA creation page. Note, however, that key generation may take some time depending on key size.
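Because Create Certificate bypasses CA policy, it is worth checking the result afterwards. The following is an added example, not part of the product or its documentation: a small Python check of the CA flag, the path length rule, and the presence of a CRL distribution point over a modeled certificate path. The Cert class, its field names, the sample paths and the URI are assumptions constructed for illustration, and self-issued intermediates are not modeled.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    """Minimal model of the fields discussed above (constructed, not a parser)."""
    subject: str
    is_ca: bool = False              # Basic Constraints CA flag
    path_len: Optional[int] = None   # Basic Constraints path length, None = no limit
    crl_dp: Optional[str] = None     # CRL distribution point URI, None = absent

def lint_path(chain: List[Cert]) -> List[str]:
    """Return findings for a path ordered trust anchor first, target last."""
    findings = []
    for i, cert in enumerate(chain):
        following = chain[i + 1:]
        # Every certificate that issues another one must carry the CA flag.
        if following and not cert.is_ca:
            findings.append(f"{cert.subject}: issues certificates but CA flag is not set")
        # Path length limits the intermediate CA certificates below this one;
        # the last certificate in the path is not counted (RFC 5280, 4.2.1.9).
        intermediates = len(following) - 1 if following else 0
        if cert.is_ca and cert.path_len is not None and intermediates > cert.path_len:
            findings.append(f"{cert.subject}: path length {cert.path_len} exceeded "
                            f"({intermediates} CA certificates below it)")
        # Certificates made with Create Certificate skip CA policy, so the CRL
        # distribution point is present only if the operator added it.
        if i > 0 and cert.crl_dp is None:
            findings.append(f"{cert.subject}: no CRL distribution point")
    return findings

# Constructed sample paths; all names and the URI are placeholders.
CRL = "http://crl.example.invalid/root.crl"
ROOT = Cert("Root CA", is_ca=True, path_len=0)
SUB = Cert("Sub CA", is_ca=True, path_len=0, crl_dp=CRL)
USER = Cert("user", crl_dp=CRL)
USER_NO_CRL = Cert("user-no-crl")

if __name__ == "__main__":
    for path in ([ROOT, USER], [ROOT, SUB, USER], [ROOT, USER_NO_CRL]):
        print([c.subject for c in path], "->", lint_path(path) or "ok")
```

With path length zero on the root, the path through Sub CA to an end-user certificate is rejected, while the root issuing an end-user certificate directly passes.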