Stormshield SN series Configuration Manual page 69

Validity (days)
This field corresponds to the number of days for which your certificate authority and
consequently your PKI, will be valid. The date affects all aspects of your PKI as indeed, once this
certificate expires, all user certificates will also expire. This value cannot be modified later.
The value of this field must not exceed 3650 days.
Click on Next.
In this step of the wizard, you will need to enter the configuration regarding the distribution of the
CRL (Certification Revocation List). This information will be embedded in the generated CAs and
will allow applications that use the certificate to automatically retrieve the CRL in order to check
the certificate's validity.
You can now manage your certificate revocations in the table that appears on the screen and
enter the URLs that act as distribution points for revoked (invalid) certificates.
Add
Delete
Move up
Move down
The following window sets out a summary of the information in your certificate.
Click Finish.
You will now see in the left column of the Certificates and PKI screen the CA that you have just
created, represented by the icon
By clicking on the relevant CA, detailed information about it will be displayed on the right side of
the screen in 3 tabs:
"Details" tab
This tab contains 4 sections setting out data concerning the " Validity " of the authority, its
recipient (" Issued for "), its " Issuer " and its " Fingerprint" (information about the CA and its
version).
"CRL" tab
Rounds up information regarding the CRL: its la validity including the last and next update, the
table of distribution points and the table of revoked certificates which should contain a serial
number, a revocation date and a reason for the revocation (optional).
The maximum lifetime of certificates has been increased to ten years.
Page 69/448
NOTE
When you click on this button, a new line will appear allowing you to enter a URL as a
distribution point for certificate revocation lists.
The first URL you enter will be numbered "1" and so on for the URLs that follow. The
firewall will process items in the CRL according to their order of appearance on the
screen.
Select the line to delete and click on this button to remove it from the list.
Move your URL up one line in the order of priority in the table by clicking on this
button.
Repeat this operation until your URL reaches the number you wish to assign to it.
Bring down your URL one or several places in the list using this button.
(which represents the default CA).
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
CERTIFICATES AND PKI