HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 3 Using the Certificate Tool

Create a Self-Signed Certificate

  Table of Contents


To create a self-signed certificate, perform the following steps. All fields must be completed to create a valid self-signed certificate. The inception time of a certificate is based on UTC (Coordinated Universal Time). Check with your system administrator that your computer's UTC is set correctly if you want to use the self-signed certificate right away.

  1. Enter the required information for the self-signed certificate.

    • Encrypt Private Key

      Using an encrypted private key forces the passphrase dialog to appear at startup time.

    • Encryption Bits

      The largest recommended size is 1024 bits. Encryption strength is often described in terms of the size of the keys used to perform the encryption; in general, longer keys provide stronger encryption. Key length is measured in bits. Private key sizes larger than 1024 bits are incompatible with some versions of Netscape Navigator and Microsoft Internet Explorer.

    • Certificate Key File

      Use OpenVMS syntax (defaults to SSL$KEY:SERVER.KEY).

    • Certificate File

      Use OpenVMS syntax (defaults to SSL$CRT:SERVER.CRT).

    • Country Name

    • State or Province Name

    • City Name

    • Organization Name

    • Organization Unit Name

    • Common Name

      Common name usage is different for client certificates than it is for server certificates. Generally, the common name on a client certificate is the proper name of the individual requesting a certificate. In the case of server certificates, the common name must be the same as your server's DNS host name (or virtual host name, if name-based virtual hosting is used). Browsers compare the common name in the server certificate with the host name of the server they are connecting to. These must match.

    • Email Address

    • Display the Certificate

  2. View the details of the self-signed certificate (if you chose to display the certificate).

    • Version (SSL 3.0 protocol)

    • Serial number (Certificates issued by a CA have a serial number that is unique to the certificates issued by that CA.)

    • Signature algorithm

    • Issuer

    • Validity (inception and expiration dates)

    • Public key information