This section discusses understanding the technical details of the Data Center Expert (DCE) self-signed SSL certificate for HTTPS operation. Detailed instructions showing how to create a new SSL certificate are also included.
Viewing the currently installed SSL certificate
Using the Data Center Expert (DCE) 7.X client, go to System > Server Administration Settings > Server Access. The dialog box (shown below) displays information about the currently installed SSL certificate including Issued To and Issued By.
Note: When HTTPS is enabled, DCE will by default create its own self-signed SSL certificate. Examining the details and properties of a certificate, such as the self-signed certificate, is explained in the next section.
Verifying advanced details of the currently loaded SSL certificate (Third party or Self-Signed)
To verify advanced details/properties of the currently loaded SSL certificate such as key size, signature algorithm, etc., you must connect to the server through a web browser and view the SSL certificate there.
As an example, follow these steps with Chrome browser on Windows OS.
- Connect via HTTPS in a web browser to your DCE server.
- After successfully connecting and logging in, click on the letters "https" in the address/URL bar in order to display a security related dialog box.
- Select the Connection Tab. Next, click on Certificate Information.
- A Certificate box will display, showing you the Issued To and Issued From information about your SSL certificate. Select the details tab at the top.
- On the Details tab, you will see important technical details such as the signature algorithm, signature hash algorithm, and key size.
Re-creating a new self-signed SSL certificate
Self-signed SSL certificates created by the DCE server are 2048 bit in size. Beginning with DCE v7.3.1, the server uses a SHA-2 (SHA256) signature algorithm on the self-signed certificate it creates. If the DCE self-signed certificate was created prior to installing DCE v7.3.1, you must create a new self-signed certificate in order to have it use a SHA-2 signature algorithm.
Note: Earlier DCE versions use a SHA-1 signature algorithm for the self-signed SSL certificate. 2048 bit keys are used in DCE v7.0 and higher for the self-signed certificate or Certificate Signing Requests (CSR).
To create a new self-signed certificate for any reason, follow the steps below. You will use the "Modify Server SSL Certificate" wizard to create or add a new certificate.
- In the Server Access menu, click Modify Certificate.
- In the "Choose Certificate Action" display, select Create New Self-Signed Certificate and press Next.
In the "Specify Certificate Parameters" display, edit the parameters, as needed, and click Next.
Note: Country is limited to two alphabetical characters.
In the "Update Certificate" display, click Finish to overwrite the default SSL certificate with a new, self-signed SSL certificate created by the server.
Note: Pressing Finish will execute the server reboot command. You can log on to the server again after it finishes rebooting.
- After the server reboots, log in and verify that your new self-signed certificate settings are correct.
Self-signed SSL certificate security properties
|Public Key Size||2048 bit*|
|Signature Algorithm||SHA-2 (sha256)**|
|Signature Hash Algorithm||SHA-2 (sha256)**|
*DCE v7.0 and higher. 1024 bit used in earlier versions.
**DCE v7.3.1 and higher. SHA-1 used in earlier versions.
Please sign in to leave a comment.