Viewing and working with SSL certificates in depth

This section discusses understanding the technical details of the Data Center Expert (DCE) self-signed SSL certificate for HTTPS operation. Detailed instructions showing how to create a new SSL certificate are also included.

Viewing the currently installed SSL certificate

Using the Data Center Expert (DCE) 7.X client, go to System > Server Administration Settings > Server Access. The dialog box (shown below) displays information about the currently installed SSL certificate including Issued To and Issued By. 

Note: When HTTPS is enabled, DCE will by default create its own self-signed SSL certificate. Examining the details and properties of a certificate, such as the self-signed certificate, is explained in the next section.

Verifying advanced details of the currently loaded SSL certificate (Third party or Self-Signed)

To verify advanced details/properties of the currently loaded SSL certificate such as key size, signature algorithm, etc., you must connect to the server through a web browser and view the SSL certificate there.

As an example, follow these steps with Chrome browser on Windows OS.

1. Connect via HTTPS in a web browser to your DCE server. 
    
2. After successfully connecting and logging in, click on the letters "https" in the address/URL bar in order to display a security related dialog box. 
    
3. Select the Connection Tab. Next, click on Certificate Information.
   
   
4. A Certificate box will display, showing you the Issued To and Issued From information about your SSL certificate. Select the details tab at the top.
   
   
   
5. On the Details tab, you will see important technical details such as the signature algorithm, signature hash algorithm, and key size.
    

Re-creating a new self-signed SSL certificate 

Self-signed SSL certificates created by the DCE server are 2048 bit in size. Beginning with DCE v7.3.1, the server uses a SHA-2 (SHA256) signature algorithm on the self-signed certificate it creates. If the DCE self-signed certificate was created prior to installing DCE v7.3.1, you must create a new self-signed certificate in order to have it use a SHA-2 signature algorithm. 

Note: Earlier DCE versions use a SHA-1 signature algorithm for the self-signed SSL certificate. 2048 bit keys are used in DCE v7.0 and higher for the self-signed certificate or Certificate Signing Requests (CSR).

To create a new self-signed certificate for any reason, follow the steps below. You will use the "Modify Server SSL Certificate" wizard to create or add a new certificate. 

1. In the Server Access menu, click Modify Certificate.
   
   
   
2. In the "Choose Certificate Action" display, select Create New Self-Signed Certificate and press Next.
   
   
   

3. In the "Specify Certificate Parameters" display, edit the parameters, as needed, and click Next.
   
   

   Note: Country is limited to two alphabetical characters.

4. In the "Update Certificate" display, click Finish to overwrite the default SSL certificate with a new, self-signed SSL certificate created by the server.
   
    
   
   Note: Pressing Finish will execute the server reboot command. You can log on to the server again after it finishes rebooting.

    

5. After the server reboots, log in and verify that your new self-signed certificate settings are correct.

Self-signed SSL certificate security properties