Specify the Server Certificate Parameters

You can enter the following certificate parameters:

Subject Name
By default, this field displays the DNS name, if it exists, of the server that will own the certificate. If no DNS name exists, this field displays the fully typed name of the server that will own the certificate.

You also have the option of reversing the order of the Subject Name, from Leaf to Root or from Root to Leaf, when creating certificates, depending on the order in which you want the subject name to appear in the certificate. By default, the directory service object name (the X.500 name for the object that owns the certificate) is used as the subject name in certificates.

The subject name should not contain unsupported characters, including a plus sign, quotation marks, a carriage return, or any non-ASCII characters (for example, Asian kanji or other international Unicode characters).

Alternative Name
This field appears only if the Subject Name field contains a DNS name. Select the check box if you want to include the server's fully typed NDS name as an alternative name. You can add the DNS name, URI information, etc.

Add Name
Click Add Name to specify one or more subject alternative names. For example, you can specify an IP address as a subject alternative name.

Signature Algorithm
Use the browse button to select the signature algorithm that the certificate authority will use to sign the public key certificate. All options are RSA* encryption algorithms. RSA encryption is a common public key algorithm.

RSA Encryption with MD2 Hash
MD2 (Message Digest 2) is recommended for compatibility with older or external PKI systems only.
MD2 has been shown to produce hash collisions. Collisions occur when two different messages hash to the same value. Using MD2 is therefore discouraged.
RSA Encryption with MD5 Hash
MD5 (Message Digest 5) is recommended for compatibility with older or external PKI systems only.
MD5 has been shown to produce pseudo-collisions on the hashed values. Using MD5 is therefore discouraged.
RSA Encryption with SHA-1 Hash
SHA-1 (Secure Hash Algorithm version 1) is a message digest function proposed by the National Institute of Standards and Technology (NIST). Novell recommends SHA-1 for all generated public key certificates.

Validity Period
Use the drop-down list to specify a period over which the Server Certificate will be valid. The range is from six months to the maximum, the year 2036 (a time limitation based on a 32-bit time value). If you choose the Specific Dates option, you can edit the Effective Date and the Expiration Date fields to create a custom validity period. The maximum date selected must fall within the validity period of the CA.

Effective Date
This field is used to display or edit the time and date that the Server Certificate becomes valid.

Expiration Date
This field is used to display or edit the time and date that the Server Certificate becomes invalid.
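
The constraints described for Subject Name, Signature Algorithm, and Validity Period can be checked before the values are entered. The following is an added example, not Novell code: the function name `check_parameters`, its signature, and the sample values are assumptions made for illustration.

```python
from datetime import datetime

# Constraints taken from the field descriptions on this page.
UNSUPPORTED = {"+": "plus sign", '"': "quotation mark", "\r": "carriage return"}
DISCOURAGED_HASHES = {"MD2", "MD5"}  # described as discouraged above
MAX_YEAR = 2036                      # upper end of the validity range

def check_parameters(subject, hash_name, effective, expiration, ca_start, ca_end):
    """Return a list of problems; an empty list means the values pass.

    Hypothetical helper: the name and signature are assumptions for this
    example, not part of the product.
    """
    problems = []
    # Report each unsupported character once, in a stable order.
    for ch in sorted(set(subject)):
        if ch in UNSUPPORTED:
            problems.append(f"subject name contains a {UNSUPPORTED[ch]}")
        elif ord(ch) > 127:
            problems.append(f"subject name contains non-ASCII character {ch!r}")
    if hash_name.upper() in DISCOURAGED_HASHES:
        problems.append(f"{hash_name} is discouraged as a signature hash")
    if effective >= expiration:
        problems.append("effective date is not before expiration date")
    if expiration.year > MAX_YEAR:
        problems.append(f"expiration date is later than {MAX_YEAR}")
    # The maximum date must fall within the validity period of the CA.
    if not (ca_start <= expiration <= ca_end):
        problems.append("expiration date is outside the CA's validity period")
    return problems

# Constructed sample values, not taken from any real deployment.
CA_START, CA_END = datetime(2020, 1, 1), datetime(2030, 1, 1)
GOOD = check_parameters("CN=www.example.com,O=Example", "SHA-1",
                        datetime(2024, 1, 1), datetime(2026, 1, 1),
                        CA_START, CA_END)
BAD = check_parameters("CN=web+1,O=Ex\u00e4mple", "MD5",
                       datetime(2024, 1, 1), datetime(2037, 1, 1),
                       CA_START, CA_END)

if __name__ == "__main__":
    print("good:", GOOD)
    for problem in BAD:
        print("bad:", problem)
```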

A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.