Key Size
Use the drop-down list to select a key size.
You should choose a large key size (2048 or higher) if possible. Larger keys are harder to break and provide a more secure environment for your cryptography-enabled application.
Note: Novell® Certificate Server queries the server that the Certificate Authority (CA) is associated with for the largest key size it supports. NICI supports key sizes up to 4,096 bits.
Key Type and Usage
These options allow you to select a key type. Each key type has predefined key usage values associated with it. A checked box next to a key usage value indicates that the selected key type asserts that usage.
These key usages are a subset of the key usages that have been defined in X.509
v3 and they serve different purposes. Data encipherment is asserted when the
public key is to be used for encrypting user data (other than cryptographic
keys). Key encipherment is asserted when the public key is to be used for
encrypting or enciphering other cryptographic keys--for example, for key
management purposes. Digital signature is
asserted when the public key is used to validate or verify a digital signature.
Unspecified
Does not activate any key usage in the certificate.
Certificate Authority
The default. Activates the Certificate Signing and CRL Signing key usage.
Custom
Lets you select any or all of the key usage options manually.
Set the Key Usage Extension to Critical
With any key type except Unspecified selected, you can mark the key usage
extension as critical. Any extension that is critical must be understood by the
receiving software before the certificate can be used for any purpose.
Therefore, marking an extension as critical does pose some risk, because not all
applications can use the certificate. However, for well-known
extensions such as key usage, the risk is minimal. In general, if key usage is
specified, the extension should be marked critical.
Allow Private Key to be Exported
Select this if you want the ability to export the private key with the
certificate from eDirectory™ for use in cryptography-enabled
applications or if you wish to be able to easily back up the private key and
certificate.
Enable Extended Key Usage
You can choose to encode an Extended Key Usage extension in the certificate. To
activate this feature, select Enable Extended Key Usage.
There are four extended key types available:
Server
Activates the Server Authentication extended key usage.
User
Activates the User Authentication and E-mail Protection extended key usages.
Custom
Lets you select any or all Extended Key Usages.
Any
Lets the key be used for any extended key usage.
Set the Extended Key Usage Extension to Critical
Any extension that is critical must be understood by the receiving software
before the certificate can be used for any purpose. Therefore, marking an
extension as critical does pose some risk, because not all applications can use
the certificate. As many applications do not understand the
Extended Key Usage Extension, marking this extension as critical poses
significant risk of the certificate not being accepted by a given application;
therefore, it should only be set to critical when necessary.
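The following added example (not Novell code) shows what the key type and critical settings described above become inside the certificate: the DER encoding of the X.509 v3 key usage extension, and the RFC 5280 rule that a relying party rejects any critical extension it does not understand. The function names are hypothetical, and modeling Unspecified as "no key usage extension encoded" is an assumption.

```python
# Added example (not Novell code): DER-encode the X.509 v3 keyUsage extension
# and model how a relying party treats the critical flag (RFC 5280).

KEY_USAGE_BITS = {  # named-bit positions from RFC 5280, section 4.2.1.3
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5, "cRLSign": 6,
}
# Key types from this page mapped to the usages they activate.
KEY_TYPES = {"Unspecified": [], "Certificate Authority": ["keyCertSign", "cRLSign"]}
OID_KEY_USAGE = bytes([0x55, 0x1D, 0x0F])      # 2.5.29.15
OID_EXT_KEY_USAGE = bytes([0x55, 0x1D, 0x25])  # 2.5.29.37


def tlv(tag, value):
    """Short-form DER tag-length-value; enough for these small structures."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def key_usage_extension(usages, critical):
    """Return the DER Extension for the given usages, or None if there are none."""
    if not usages:
        return None  # assumption: 'Unspecified' encodes no keyUsage extension
    highest = max(KEY_USAGE_BITS[u] for u in usages)
    bits = bytearray(highest // 8 + 1)
    for u in usages:
        pos = KEY_USAGE_BITS[u]
        bits[pos // 8] |= 0x80 >> (pos % 8)   # bit 0 is the most significant bit
    unused = 7 - (highest % 8)                # DER drops trailing zero bits
    bit_string = tlv(0x03, bytes([unused]) + bytes(bits))
    flag = tlv(0x01, b"\xff") if critical else b""  # DEFAULT FALSE is omitted
    return tlv(0x30, tlv(0x06, OID_KEY_USAGE) + flag + tlv(0x04, bit_string))


def relying_party_accepts(extensions, understood_oids):
    """extensions: list of (oid_bytes, critical). Reject any unknown critical one."""
    return all(oid in understood_oids for oid, critical in extensions if critical)


if __name__ == "__main__":
    ca = key_usage_extension(KEY_TYPES["Certificate Authority"], critical=True)
    print("CA keyUsage, critical:", ca.hex())
    legacy_app = {OID_KEY_USAGE}  # constructed: an application that ignores EKU
    for eku_critical in (False, True):
        exts = [(OID_KEY_USAGE, True), (OID_EXT_KEY_USAGE, eku_critical)]
        print("EKU critical =", eku_critical, "->", relying_party_accepts(exts, legacy_app))
```

The last loop reproduces the risk described for Extended Key Usage: the same application accepts the certificate while the extension is non-critical and rejects it once the extension is marked critical.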