Certificate management


Certificates are digital documents composed of a private key and a public key that allow encrypted communication between the client and the server. The public key encrypts the message that only the private key can decrypt. The public key is freely transmitted from the server to any software that requires it, for example the browser, while the private keys are secret and protected by a password.

Digital certificates are usually signed by a Certification Authority, which certifies the validity of the issuer of the public key. In this way the software that uses the public key has the certainty that the issuer of the public key is exactly who they say they are.

A digital certificate that is not signed by any authority is called self-signed. The communication between the client and the server is encrypted anyway, but the certificate will not be considered safe.

With LBL you can automatically generate self-signed digital certificates, generate the Certification Request needed for the authority to sign the certificate, or automatically generate valid certificates using the ACME protocol.

The keystore

Keystores are password-protected files that contain digital certificates. A single keystore can contain one or more digital certificates. Digital certificates within the same keystore must have the same private key password, the so-called alias password.

LBL manages the following keystore formats: PKCS12, PFX, JKS.

Keystores

To access the keystore management screen:

Main Menu > Files > Keystores

Delete an existing keystore

Copy an existing keystore to another node

Import a keystore


Export a keystore

Edit/view the content of a keystore

Create a new keystore

When you copy, import or create a keystore, you are asked for the destination node.

During creation you must enter the name of the new keystore and its password.

To edit or view the contents of a keystore, you must enter the password that was used to create it.

Use “defaultpwd” as the password for the keystore preinstalled in LBL.

Digital certificates

To access the management screen for the certificates contained in a keystore:

Main Menu > Files > Keystores

Select the keystore and press the edit button.

Enter the password for the keystore.

(Use “defaultpwd” as the password for the preinstalled keystore, which is provided purely by way of example)

Delete an existing certificate

Create a new keystore

Generate the certification request for the CA

Import the response of the CA

Save the changes made to the keystore

Certification request to Let’s Encrypt via the ACME protocol

Export a certificate

Import a certificate

Creating a new certificate

The data requested during the creation of a certificate are:

  1. Common name: the domain name of the certificate (mandatory).
  2. Subject Alternative Names: a list of any other domains for which the certificate is valid.
  3. Organization unit (OU): organizational unit.
  4. Organization: company name.
  5. Locality: city of the company.
  6. State: state.
  7. Country: country code, for example IT for Italy.
  8. Mail: reference e-mail address.
  9. Duration Days: the duration of the certificate (default 365 days).
  10. Alias Password: password linked to the private key (required).

    Certificates within one same keystore must have the same password.


Certification request

The certification request (CSR) generates a text in Base64 format that the certification authority needs in order to sign the certificate. The CSR is sent to the certification authority, which responds with a similar text, the CA reply, which must be imported into the certificate.

Import CA Reply

You can import the CA reply directly into the certificate. The CA reply must contain the public certificates of all CAs involved in the signing process.
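
A pre-import check for the requirement above, as an added example that is not part of LBL or its documentation: it reads a PEM CA reply and lists the certificates whose issuer is not present in the reply, assuming the root CA is expected in the reply as well. The function names and the skeletal sample certificates are constructed for illustration; only issuer and subject names are compared, signatures are not verified.

```python
import base64, re

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)       # [0] version, or serialNumber in v1
    if tag == 0xA0:
        _, _, end = read_tlv(der, end)     # serialNumber follows the version
    _, _, iss_start = read_tlv(der, end)   # skip signature AlgorithmIdentifier
    _, _, iss_end = read_tlv(der, iss_start)
    _, _, sub_start = read_tlv(der, iss_end)   # skip validity
    _, _, sub_end = read_tlv(der, sub_start)
    return der[iss_start:iss_end], der[sub_start:sub_end]

def missing_issuers(ca_reply_pem):
    """Indexes of certificates whose issuer is absent from the reply (name chaining only)."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_CERT.findall(ca_reply_pem)]
    subjects = {subject for _, subject in names}
    return [i for i, (issuer, _) in enumerate(names) if issuer not in subjects]

# Constructed sample data: skeletal certificates (names only, no keys or signatures).
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the samples
def _name(cn):
    oid_cn = _tlv(0x06, b"\x55\x04\x03")   # OID 2.5.4.3 commonName
    return _tlv(0x30, _tlv(0x31, _tlv(0x30, oid_cn + _tlv(0x0C, cn.encode()))))
def sample_pem(subject_cn, issuer_cn):
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
               + _name(issuer_cn) + _tlv(0x30, b"") + _name(subject_cn))
    body = base64.encodebytes(_tlv(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

LEAF = sample_pem("www.example.test", "Example Issuing CA")
INTERMEDIATE = sample_pem("Example Issuing CA", "Example Root CA")
ROOT = sample_pem("Example Root CA", "Example Root CA")

if __name__ == "__main__":
    print(missing_issuers(LEAF + INTERMEDIATE + ROOT), missing_issuers(LEAF + ROOT))
```

An empty list means every issuer named in the reply is also present as a subject; an index such as 0 points at the certificate whose issuing CA is missing from the reply.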

ACME Certification Request

Automatically generates the certification request and imports the CA reply through the ACME protocol.

Export

Export the certificate in PKCS12/PFX or PEM format. For PKCS12/PFX, a new password is requested, which will be used both for the keystore and for the alias.

Import

You can import a certificate in PEM format into the keystore. You will be prompted for a new alias password.

Links

The save and reinitialisation links panel will report any operations to be carried out to make the changes effective.

Save and reset notification link