The local CA is used to sign and verify the server certificate and may also be used to sign client certificate requests. To create and install a local CA, perform the following steps:
-
Log in to the ESKM Management Console using the admin username and the password you supplied in First run. For more information, refer to the ESKM_Installation and Replacement_Guide_8.54.0.
-
Select the Security tab.
-
In Certificates & CAs, click Local CAs.
Create Local CA
-
Enter a Certificate Authority Name and Common Name. These may have the same value, for example, ESKM Local CA.
-
Enter your organizational information.
-
Select the Algorithm (e.g., RSA-2048).
-
Click Self-signed Root CA and enter the CA Certification Duration and Maximum User Certificate Duration. These values determine when the certificate must be renewed and should be set in accordance with your company's security policies. The default value for both is 3650 days or 10 years.
-
Click Create.