Creating a New Certificate

You can import a certificate or generate a CSR and use that certificate on the web server or an IPsec tunnel.

To create a certificate:

1. You must first create a CSR; and complete all the required information related to the certificate, including details such as Common Name, Organization, Organization Unit, and more. For more information, see the Create a CSR section.

2. After creating the CSR, you can either self-sign it or send it to a Certificate Authority (CA) for signature, and the CA will then generate the certificate.

3. Once you upload the certificate to the system, you can either use it as a web server certificate or use it while creating an IPsec tunnel.

Create a CSR

You can either generate a CSR and get it signed by a Certificate Authority or self-sign it.

To create a CSR:

1. Go to Security :: Certificates.

2. Click Create CSR.

3. To generate a CSR to be signed by a CA:

   1. Enter the details.
      

      DO NOT check the Self-signed field.

   2. Click Generate CSR. Download the CSR and send it to a CA.

   3. To download the CSR, go to the Certificate table, and click the CSR name link.

   4. Click Download.

4. To generate a self-signed certificate for the webserver:

   1. Select the Self-Sign Certificate field.

   2. Specify the Certificate validity in days.

   3. Select the Self-Sign Certificate field.

   4. Click Generate CSR. A self-signed certificate is listed in the Certificate tab.

5. To generate a self-signed certificate for the IPsec tunnel:

   1. Specify the Certificate validity in days.

   2. Select the User SSL Certificate Trust Attribute field.

      1. Trusted Peer (P): Select this field if the Nodegrid device can act as a trusted

         peer and be used in the authentication phase in an IPsec network.

      2. In the case of self-signed certificates, where there's no external CA involved,

         these attributes are used to establish trust within the IPsec network.

         1. Trusted CA to issue client certificates (T ): This attribute ensures

            that the self-signed CA certificate is trusted to issue client certificates.

            Select the field to allow the IPsec to be validated against this CA

            certificate to prove their identity and securely gain access to the IPsec

            network.

         2. Trusted CA to issue server certificates (C): This attribute ensures

            that the self-signed CA certificate is trusted to issue server certificates.

            Select the field to allow the IPsec servers to validate against this CA

            certificate to prove their identity and securely gain access to the IPsec.

6. Click Generate CSR.

7. A self-signed certificate is generated and listed under the Certificates tab.