Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus.
[Details]
Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what type it is by identifying a cipher family and then has to set a strength for that key.
Key Type. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options.
RSA strength: Key Size. Sets the key length for the generated pair. Longer keys are stronger, which makes them more secure.
However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance.
ECC strength: Curve Name. Sets the curve algorithm to use, which can be any one of the curves listed below. The curves that are included in parenthesis are equivalent - and either name can be used. Note that not all curves may be supported by the token.
Signing Algorithm. Signing certificates only. Sets the signing algorithm which will be used to sign objects issued by the subsystem. This is only displayed for certificates which are used for object signing, such as the CA signing certificate or the OCSP signing certificate.
Signed With. Root CAs only. Sets the signing algorithm used to sign the CA signing certificate itself.
#if ($select == "clone")
For a cloned subsystem, only the key for an SSL server certificate is generated.
#end
#if ($errorString != "")
$errorString
#end
#if ($item.isEnable())
Use the default key size ($default_keysize bits).
#else
Use the default key size ($default_keysize bits).
#end
#if ($item.isEnable())
Use the following custom key size:
#else
Use the following custom key size:
#end
Key Size:
#if ($item.isEnable())
#else
#end
#if ($item.isEnable())
Use the default curve ($default_ecc_curvename).
#else
Use the default curve ($default_ecc_curvename).
#end
#if ($item.isEnable())
Use the following curve:
#else
Use the following curve:
#end
Curve Name:
#if ($item.isEnable())
#else
#end
#end
#if ($firsttime == 'false')
New Keys
#end
Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear.