Managing Certificates

You can view, edit or delete, the trust settings of the various certificates installed on your server. This includes your own certificate and certificates from CAs.

To manage certificate lists, perform the following steps

To manage certificate lists

1. Access either the Administration Server or the Server Manager and choose the Security tab.

   From the Server Manager you must first select the server instance from the drop-down list.

2. Click the Manage Certificates link.

   • If you are managing a certificate for a default configuration using the internal cryptographic module, a list of all installed certificates with their type and expiration date is displayed. All certificates are stored in the server_root/alias directory.

     • If you are using an external cryptographic module, such as a hardware accelerator, you will first need to enter your password for each specific module and click OK. The certificate list will update to include certificates in the module.

3. Click the Certificate Name you wish to manage.

   An Edit Server Certificate page appears with management options for chosen certificate. Only CA certificates allow you to set or unset client trust. Some external cryptographic modules do not allow deletion of certificates.

   Figure 6–1 Edit Server Certificate

   
   

4. In the Edit Server Certificate window you may select:

   • Delete Certificate or Quit for certificates obtained internally

   • Set client trust, Unset server trust, or Quit for CA certificates

5. Click OK.

6. For the Server Manager, click Apply, and then Restart for changes to take effect.

   Certificate information lists the owner and the person who issued the certificate.

   Trust settings allow you to set client trust or unset server trust. For LDAP server certificates the server must be trusted.