Add CA Certificates

Add CA Certificate

This screen helps in creating/uploading CA Certificates.

Creating CA Certificate: (Signing CA)

Create User Certificates

Only one CA Certificate can be created, to create another CA delete the existing one.

To create CA certificate, the following information is needed:

● Certificate Name: A unique name to identify the CA Certificate.

● Valid upto: Date till which the CA Certificate is valid, after which the certificate expires.

● Key Length: The encryption key size, more the key length, greater the security level & more processing power required.

● Password: The password/passphrase for the CA Certificate.

● LocalID: The Local Identifier for the Certificate helps the firewall to identify the CA Certificate.

⇒ FQDN: The Fully Qualified Domain Name (FQDN), FQDN must be in ASCII format. For example, myhost.test.com.

⇒ X.509 DN: An X.509 certificate binds a name to a public key value. The role of the certificate is to associate a public key with the identity contained in the X.509 certificate.

⇒ IP Address: IP address the certificate is associated with. It can be any IP address. For example 125.11.12.13

⇒ Email: Email address the certificate is associated with. For example support@gajshield.com

● Country Name: Select the country where the firewall is installed.

● State / Locality Name: State and Locality are full names, i.e. 'California', 'Los Angeles'.

● Organization Name: Full Legal Company or Personal Name, as legally registered.

● Organizational Unit Name: In whichever branch of your company the firewall is getting installed. For example Accounting, IT etc.

● Common Name: Common name is a mandatory bit of uniquely identifying data, such as FQDN or Personal Name.

● Email Address: Insert support email address in case of issues.

Please be sure that the fields marked unique are kept unique, else certificate will not be created.

Uploading CA Certificate: (Verifying CA)

Upload User Certificates

A Certificate can be uploaded as a .p12 file or as certificate+key (pem+req or pem+pem) file. These Certificates are stored as Verifying CA's.

The following information need to be given along with the uploaded file.

● Certificate Name: The name of the certificate you wish to give. (please note the name should only consist of alphanumeric characters, other characters are disallowed)

● CA Certificate Format: The format of the file you are uploading (either .p12 or .pem).

● CA Certificate File: If the Certificate Format above is selected as PKCS12 Format, then upload the .p12 file here, else if the Certificate Format is set to PEM Format, then upload the certificate file of the pem pair here.

● CA Certificate PKCS12 PassPhrase: Provide the pkcs12 passphrase for the .p12 file, and for PEM Format leave this field blank

● CA Key File: If PKCS12 Format is selected, leave this field blank, If PEM Format is selected, you can upload the key file here. This field is optional.

● CA Key PassPhrase: Please provide the key file's passphrase, if the key file is uploaded.