The local CA is used to sign and verify the server certificate and may also be used to sign client
certificate requests. To create and install a local CA, perform the following steps.
-
In the ESKM Management console, go to Security > Certificates & CAs, and click Local CAs.
Create Local CA
-
Scroll down to the Create Certificate section.
-
Enter a Certificate Authority Name and Common Name. These may have the same value, for example, ESKMLocalCA.
-
Enter your Organizational information.
-
Select the Algorithm (e.g., RSA-2048).
-
Select Self-signed Root CA and enter the CA Certification Duration and Maximum User
Certificate Duration. These values determine when the certificate must be renewed and should be set in accordance with your company's security policies. The default value for both is 3650 days or 10 years. -
Click on Create.