The local CA is used to sign and verify the server certificate and may also be used to sign client certificate requests. To create and install a local CA, perform the following steps:
-
Log in to the ESKM Management Console.
-
Select the Security tab.
-
In Certificates & CAs, click Local CAs.
-
Scroll down to the Create Certificate section.
-
Enter a Certificate Authority Name and Common Name. These may have the same value, such as ESKM Local CA.
-
Enter your Organizational information.
-
Select the Algorithm (e.g., RSA-2048).
-
Click on Self-signed Root CA and enter the CA Certification Duration and Maximum User Certificate Duration. These values determine when the certificate must be renewed and should be set in accordance with your company's security policies. The default value for both is 3650 days or 10 years.
-
Click on Create.
Create Local CA
-
Select the created CA Certificate.
-
Click Download button to download the CA certificate.
Local CA