You can enter the following certificate parameters:
Subject Name
By default, this field displays the DNS name, if it exists, of the server that will own the certificate. If no DNS name exists, this field displays the fully typed name of the server that will own the certificate.
Directory Name
This field appears only if the Subject Name field contains a DNS name. Check the check box if you want to include the server's fully typed NDS name as an alternative name.
Signature Algorithm
Use the browse button to select the signature algorithm that the certificate authority will use to sign the public key certificate. All options are RSA encryption algorithms. RSA encryption is a common public key algorithm.
RSA Encryption with MD2 Hash
MD2 (Message Digest 2) is recommended for compatibility with older or external PKI systems only.
MD2 has been shown to produce hash collisions. Collisions occur when two different messages hash to the same value. Using MD2 is therefore discouraged.
RSA Encryption with MD5 Hash
MD5 (Message Digest 5) is recommended for compatibility with older or external PKI systems only.
MD5 has been shown to produce pseudo-collisions on the hashed values. Using MD5 is therefore discouraged.
RSA Encryption with SHA-1 Hash
SHA-1 (Secure Hash Algorithm version 1) is a message digest function proposed by the National Institute of Standards and Technology (NIST). The algorithm takes as input a message of arbitrary length and produces a 160-bit hash of the input. NetIQ highly recommends that you use the SHA-2 algorithm.
RSA Encryption with SHA-2 Hash
SHA-2 (Secure Hash Algorithm version 2) is a message digest function proposed by the National Institute of Standards and Technology (NIST). The NetIQ Certificate Server supports hash values of 256, 384, or 512 bits from the SHA-2 family. NetIQ highly recommends that you use SHA-2 for all generated public key certificates.
ECDSA Encryption with SHA-2 Hash
SHA-2 (Secure Hash Algorithm version 2) is a message digest function proposed by the National Institute of Standards and Technology (NIST). The NetIQ Certificate Server supports hash values of 256, 384, or 512 bits from the SHA-2 family. NetIQ highly recommends that you use SHA-2 for all generated public key certificates.
Validity Period
Use the drop-down list to specify a period over which the Server Certificate will be valid. The range is from six months to the maximum, the year 2036 (a time limitation based on a 32-bit time value). If you choose the Specific Dates option, you can edit the Effective Date and the Expiration Date fields to create a custom validity period. The maximum date selected must fall within the validity period of the CA.
Effective Date
This field is used to display or edit the time and date that the Server Certificate becomes valid.
Expiration Date
This field is used to display or edit the time and date that the Server Certificate becomes invalid.