Creating a Key Pair and Public-Key Certificate with Subject Alternative Name (SAN)
- Open the Key Storage Content tab.
- Select the view for which you want to create a key pair and certificate from the Key Storage Views.
- In the View Entries tab, choose Create.
The New Entry dialog appears.
- In Step 1, define the basic settings of the new entry.
- In the Entry Name field, specify a name for the certificate.
- Select the certificate algorithm in Algorithm, for example, RSA (Rivest, Shamir, Adleman) or DSA (Digital Signature Algorithm).
- Choose the certificate key length in Key Length.
- Specify the certificate validity period in the Valid From and Valid To fields.
Enter the values using the format mm/dd/yyyy.
- If you want to have a copy of the new certificate as a separate keystore entry next to the new key pair in the key storage, select Store Certificate.
- In Step 2, specify the properties of the Subject field for the certificate. If no property has value, the Subject Alternative Name extension will be denoted as critical.
- In Step 3, specify the properties of the Subject Alternative Name extension of the certificate. If at least one property of the Subject has a value, the Subject Alternative Name extension will be denoted as non-critical.
- Add the directory name properties. You can also use the Move Up and Move Down buttons to sort the properties.
- Add all other subject alternative name properties and choose Next.
- In Step 4, sign the new entry with a key pair and choose the signature hashing algorithm for the certificate. This step is optional.
If you create a self-signed certificate, then specify hashing algorithm for the certificate signature in the Signature Hashing Algorithm menu. If you specify a signing CA , the hashing algorithm will be used from the CA certificate.
- In Step 5, preview your settings.
A progress bar indicates the generation of the key pair and certificate. Once generated, they are displayed on the View Entries list.
Your feedback on this configuration is appreciated. Please tell us if:
- You can intuitively use this functionality, and what we can improve on its usability.
- The newly added SAN support for the certificate generation solves your previous issues.
- You need other certificate generation features that will improve your daily work.