Stormshield SN series Configuration Manual page 71

Once the certificate has been generated and published by the administrator, the user will receive
a confirmation e-mail that his certificate has been created and will be able to use it for logging on
(if the e-mail sending option has been enabled).
The user certificate also depends on a parent CA, and will therefore select the default CA.
Click on the button Add a user certificate.
Name (CN)
(mandatory)
Identifier
E-mail address
(mandatory)
Next, you will need to specify various options for your user certificate.
The field "Validity" is set by default to 365 days, and the field Key size to 2048 bits.
To view your certificate created in the list to the left, expand the parent CA to which it is
attached.
Publication in LDAP directory
You can choose to associate the user certificate with your LDAP database by selecting the option
"Publish this certificate in the LDAP directory".
If this option is selected, the certificate can be directly linked to its user if this user exists in the
LDAP database and consequently make the Authentication process easier.
For this, the e-mail address specified during the creation of the user certificate in the wizard has
to be the same as the address used in the user profile in the firewall's user database.
Password of the
published PKCS#12
container (min. 8 char)
Confirm password
Mandatory password
strength
Click on Next.
The following windows set out the information about the pre-selected parent CA as well as a
summary of the data in the user certificate.
Click Finish.
By clicking on the relevant certificate, detailed information about it will be displayed on the right
side of the screen in a single tab:
Page 71/448
NOTE
Enter your user's name, limited to a maximum of 64 characters.
NOTE
This field has to be entered in order to continue the configuration.
Even though this field is not mandatory, you can indicate here a shortcut to your CN,
which will come in handy for your command lines.
Example If you had selected a first name and last name for your CN, the ID may
indicate just the initials.
In this field, enter the e-mail address of the user for whom you wish to create a
certificate.
NOTE
The PKCS#12 container is a file format that allows storing the private key and the user
certificate as well as the CA's certificate.
Enter a password in order to protect the data for the 3 items mentioned above.
Type your password again in this field in order to confirm it.
This field indicates your password's level of security: "Very Weak", "Weak", "Medium",
"Good" or "Excellent".
You are strongly advised to use uppercase letters and special characters.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
CERTIFICATES AND PKI