• Set
as
CA certificate: Select if the certificate you are creating is intended to be a CA.
• Sign
with
CA certificate: Select to sign this certificate with a CA you created previously.
– Certificate
Name: Select your CA certificate from the dropdown list of local certificates.
Subject
• Country
Name:
2-letter country code
• State
or
Province
Name: The name of your state or region
• Local
Name: Generally the city or town
• Organization
Name: Company name
• Organization
Unit: Company division name
• Common
Name: Must be unique; if used for authentication, this must match the configured Common Name (CN) on the third-party authen-
ticator
• Email
Address
Validity
• Days: Input the number of days the certificate should remain valid (999 days maximum).
Public
Key
Algorithm
• Type: Select one of the following:
–
RSA
–
DSA
• Digest: The following
–
MD5
–
SHA-128
–
SHA-256
• Bits: A greater bit size is more secure, but requires more router resources. Some devices do not support 2048 bits, so ensure compatibility.
– 1024
– 2048
Certificate
Signing
Request
Request a certificate signature from a remote CA. Using an established, third-party CA increases the likelihood that your certificate will be trusted
by others (see
security issues
Generate a
certificate signing request
then be sent to a remote CA for a signature. Once the certificate has been signed, import the certificate in PEM or PKCS #12 format.
When you export the CSR, select a Digest, or
more router resources.
•
MD5
•
SHA-128
•
SHA-256
(e.g., AU, UK, US)
cryptographic hash functions
for self-signed certificates for more information).
(CSR) by selecting a certificate from the dropdown list (Name field) and downloading the CSR. The CSR can
cryptographic hash
are listed in order of increasing security. More security requires more router resources.
function. These are listed in order of increasing security. More security requires
136