
This window opens when you click New at the bottom of the User Key Store tab.
A self-signed certificate provides data encryption only. Since it is not signed by a CA (Certificate Authority), it cannot verify server identity. Generating a self-signed certificate should be a temporary measure until a signed certificate is installed in the browser’s and station’s trust stores. After installing the signed certificate, you should delete any self-signed certificates. See the Niagara Station Security Guide for more information about using TLS (Transport Layer Security) to secure communication among security system components.
There is a limit of 64 characters for each of the following properties. Although blank properties are permitted, it is recommended that you fill in all properties correctly, because leaving them blank may generate errors or cause third-party CAs to reject your certificate. Spaces and periods are allowed. Enter full legal names.
| Name | Value | Description |
|---|---|---|
| Alias | text | A short name used to distinguish certificates from one another in the Key Store. This property is required. It may identify the type of certificate (root, intermediate, server), location or function. This name does not have to match when comparing the server certificate with the CA certificate in the client’s Trust Store. |
| Common Name (CN) | text, required, alphanumeric; do not use “*” or “?” as part of the name | Also known as the Distinguished Name, this field should be the host name. It appears as the Subject in the User Key Store. |
| Organizational Unit (OU) | text | The name of a department within the organization or a Doing-Business-As (DBA) entry. Frequently, this entry is listed as "IT", "Web Security", "Secure Services Department" or left blank. |
| Organization (O) | text | The legally registered name of your company or organization. Do not abbreviate this name. This property is required. |
| Locality (L) | text | The city in which the organization for which you are creating the certificate is located. This is required only for organizations registered at the local level. If you use it, do not abbreviate. |
| State/Province (ST) | text | The complete name of the state or province in which your organization is located. This property is optional. |
| Country Code (C) | two-character ISO-format country code | If you do not know your country's two-character code, check www.countrycode.org. This property is required. |
| Not Before | date | Specifies the date before which the certificate is not valid. This date on a server certificate should not exceed the Not Before date on the root CA certificate used to sign it. |
| Not After | date | Specifies the expiration date for the certificate. This date on a server certificate should not exceed the Not After date on the root CA certificate used to sign it. |
| Key Size | number | Specifies the size of the keys in bits. Four key sizes are allowed: 1024 bits, 2048 bits (this is the default), 3072 bits, and 4096 bits. Larger keys take longer to generate but offer greater security. |
| Certificate Usage: | text | Specifies the purpose of the certificate: server, client or CA certificate. Other certificate management software utilities may allow other usages. |
| Alternative Server Name | text | This property provides a name other than the Subject (Common Name) that the system can use to connect to the server. Like the Common Name, the system uses the Alternative Server Name to validate the server certificate making it possible to specify both an IP (Internet Protocol) and FQDN (Fully Qualified Domain Name). |
| Email Address | email address | The contact address for this certificate. It may also be the address to which your signed certificate (.pem file) will be sent. |
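
The property rules in the table above can be checked before the values are typed into the dialog or sent to a CA. The following is an added example, not Niagara's own code: the dictionary keys (`alias`, `cn`, `o`, `c`, `key_size`, `not_before`, `not_after`) are hypothetical names for the dialog's properties, and the sample values are constructed.

```python
import ipaddress
from datetime import date

MAX_LEN = 64                            # per-property limit stated on this page
REQUIRED = ("alias", "cn", "o", "c")    # properties the table marks as required
KEY_SIZES = {1024, 2048, 3072, 4096}    # key sizes the dialog allows

def check_request(req, ca_not_after=None):
    """Return a list of problems found in a dict of dialog values."""
    problems = []
    for name in REQUIRED:
        if not str(req.get(name, "")).strip():
            problems.append(f"{name}: required property is blank")
    for name, value in req.items():
        if isinstance(value, str) and len(value) > MAX_LEN:
            problems.append(f"{name}: longer than {MAX_LEN} characters")
    if any(ch in req.get("cn", "") for ch in "*?"):
        problems.append("cn: must not contain '*' or '?'")
    c = req.get("c", "")
    if c and not (len(c) == 2 and c.isascii() and c.isalpha()):
        problems.append("c: must be a two-character country code")
    if req.get("key_size", 2048) not in KEY_SIZES:
        problems.append("key_size: not one of 1024, 2048, 3072, 4096")
    nb, na = req.get("not_before"), req.get("not_after")
    if nb and na and nb >= na:
        problems.append("not_after: must be later than not_before")
    # Server certificate must not outlive the CA certificate that signs it.
    if na and ca_not_after and na > ca_not_after:
        problems.append("not_after: exceeds the signing CA's Not After date")
    return problems

def classify_alt_name(value):
    """Tell whether an Alternative Server Name is an IP address or a host name."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "dns"

# Constructed sample values (not taken from any real station).
CA_NOT_AFTER = date(2035, 1, 1)
GOOD = {"alias": "station-server", "cn": "station1.example.test",
        "o": "Example Controls Incorporated", "c": "US", "key_size": 2048,
        "not_before": date(2025, 1, 1), "not_after": date(2027, 1, 1)}
BAD = dict(GOOD, cn="*.example.test", o="", c="USA", key_size=512,
           not_after=date(2040, 1, 1))

if __name__ == "__main__":
    for label, req in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_request(req, CA_NOT_AFTER))
```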