Certificates management

Introduction - Digital certificates and keystore

Digital certificates

Digital certificates are documents built on a key pair, a private key and a public key, that allow encrypted communication between clients and servers. A message encrypted with the public key can be decrypted only with the private key. The public key is freely transmitted from the server to any software that requires it, for example browsers, while the private key is kept secret and password protected.

Digital certificates are usually signed by a Certification Authority, which certifies the validity of the public key issuer. In this way, the software that uses the public key is sure that the issuer of the public key is exactly who it claims to be.

A digital certificate not signed by any authority is said to be self-signed. Communication between client and server is still encrypted, but the certificate will not be considered secure.

With LBL, you can automatically generate self-signed digital certificates, generate Certification Requests, which are required by authorities to sign the certificate, or automatically generate valid certificates using the ACME protocol.

Keystore

Keystores are password-protected files that contain digital certificates. A single keystore can contain one or more digital certificates. Digital certificates within the same keystore must have the same private key password, the so-called password alias.

LBL handles the following keystore formats: PKCS12, PFX, JKS.

Keystores, New100014

To access the Keystore management form:

Main Menu > Files > Keystores

Delete an existing keystore

Copy an existing keystore to another node

Import a keystore

Export a keystore

Edit/view the contents of a keystore

Create a new keystore

When you copy, import, or create a keystore, you are prompted for the target node. When creating, you must enter the name of the new keystore and its password. To edit or view the contents of a keystore, you must enter the password used for creation. Use "defaultpwd" as the password for keystores preinstalled in LBL.

Digital certificates

To access the certificate management form contained in the keystore:

Main Menu > Files > Keystores

Select the keystore and press the edit button.

Enter the keystore password.

(Use "defaultpwd" as the password for the keystores preinstalled and provided as an example.)

Delete an existing certificate

Create a new keystore

Generate certification request for CA

Import CA response

Save changes to keystore

Certification request to Let's Encrypt via ACME protocol

Export a certificate

Import a certificate

Creating a new certificate

The data required when creating a certificate is:

  1. Common name: The domain name of the certificate (required).

  2. Subject alternative names: A list of any other domains for which the certificate is valid.

  3. Organisation unit OU: Organizational unit.

  4. Organization: Company name.

  5. Locality: City of the company.

  6. State: State or province.

  7. Country: Country code, for example IT for Italy.

  8. Mail: Reference email.

  9. Duration Days: Certificate duration (default 365 days).

  10. Password alias: Password linked to private key (required). Certificates within the same keystore must have the same password.

Certification request.

The certification request (CSR) generates Base64 text that the certification authority requires in order to sign the certificate. The CSR is sent to the certification authority, which responds with a similar text, the CA reply, which must be imported into the certificate.

Import CA Reply.

You can import the CA reply directly into the certificate. The CA reply must contain the public certificates of all CAs involved in the signing process.
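The completeness requirement above can be checked before the import. The following is an added example, not LBL code: it uses the OpenSSL command line (1.1.0 or later) and assumes the reply is a PEM bundle ordered leaf first; the function names and the constructed-* certificates are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not LBL code. A CA reply (PEM bundle) is complete when each
# certificate is signed by the next one and a self-signed root comes last.

# signed_by CHILD PARENT: true if PARENT signed CHILD. PARENT is the only trust
# anchor; -no-CApath keeps the system CA directory out of the decision.
signed_by() {
  openssl verify -partial_chain -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# self_signed CERT: true if CERT verifies with itself as the only trust anchor.
self_signed() {
  openssl verify -no-CApath -CAfile "$1" "$1" >/dev/null 2>&1
}

# ca_reply_complete BUNDLE: 0 = complete chain, 1 = missing link or missing root.
ca_reply_complete() {
  local dir i=1 rc=0
  dir=$(mktemp -d) || return 2
  # Split the bundle into $dir/1.pem, $dir/2.pem, ... keeping file order.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$1"
  [ -f "$dir/1.pem" ] || rc=1
  while [ "$rc" -eq 0 ] && [ -f "$dir/$((i + 1)).pem" ]; do
    signed_by "$dir/$i.pem" "$dir/$((i + 1)).pem" || rc=1
    i=$((i + 1))
  done
  if [ "$rc" -eq 0 ]; then self_signed "$dir/$i.pem" || rc=1; fi
  rm -rf "$dir"
  return "$rc"
}

# make_constructed_chain DIR: constructed test data (root, intermediate, leaf).
make_constructed_chain() {
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[ca]' \
    'basicConstraints=critical,CA:TRUE' '[leaf]' 'basicConstraints=CA:FALSE' > "$d/o.cnf"
  issue() {  # issue NAME ISSUER EXT_SECTION
    openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes -keyout "$d/$1.key" \
      -subj "/CN=constructed-$1" -out "$d/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" -CAcreateserial \
      -extfile "$d/o.cnf" -extensions "$3" -days 2 -out "$d/$1.pem" 2>/dev/null
  }
  openssl req -x509 -config "$d/o.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -subj "/CN=constructed-root" -days 2 -out "$d/root.pem" 2>/dev/null
  issue inter root ca && issue leaf inter leaf || return 1
  cat "$d/leaf.pem" "$d/inter.pem" "$d/root.pem" > "$d/full.pem"
  cat "$d/leaf.pem" "$d/inter.pem" > "$d/no-root.pem"
}
```

Run `ca_reply_complete reply.pem` on the text returned by the authority; a non-zero exit status means an intermediate or the root certificate is missing, or the certificates are out of order.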

Acme Certification Request.

The certification request is generated and the CA reply is imported automatically through the ACME protocol.

Export

Exports the certificate to PKCS12/PFX or PEM formats. In the case of PKCS12/PFX, a new password is required that will be used for both the keystore and the alias.

Import

You can import a certificate in PEM format into the keystore. You will be prompted for a new password alias.

The save and reinitialization links panel will notify you of any operations that need to be done for the changes to take effect.


Save and Reset Signal Links