1232 Matrix PRASAR UCS System Manual
Self-Signed System Certificate
When a System Certificate is signed using a Root CA Certificate, it generates a Self-Signed System Certificate.
This certificate is generated by the clients themselves or by the Servers and then given to their clients. The
Self-Signed System Certificate is faster to create since it is self-issued, but it is not as robust as a CA-Signed Certificate.
This certificate must be installed in the trusted list of clients that connect over TLS with the Server. Since the
certificate is self-signed, it is not likely to be in the clients’ trust file; hence, they need to add it. To know more, refer to
“Generate Self-Signed System Certificate”.
If a remote client has a policy of accepting certificates only from trusted CAs, then it is likely that the Self-Signed
Certificate sent by the server during TLS negotiation might get rejected. In such cases, you need to install a
CA-Signed System Certificate in the system.
CA-Signed System Certificate
CA-Signed System Certificates are TLS Certificates that are created and signed by trusted (third-party) Certificate
Authorities and sold to any applicant. These certificates contain the identity of the owner. It is the
responsibility of the CA to verify the owner’s (applicant’s) credentials.
Since the CA-Signed System Certificate is issued by a trusted CA, it ensures complete protection from security
threats.
If you wish to install a CA-Signed Certificate in your system, you must do the following:
1. Generate and enroll the Certificate Signing Request (CSR). For more details, refer to “Generate Certificate
Signing Request”.
2. Get the Certificate Signing Request (CSR) verified and signed by the Certificate Authority (CA).
3. Upload the CA-signed system certificate to the server. For more details, refer to “Upload Certificates”.
Enrolling the Certificate Signing Request with CA
Enrollment is a process of obtaining a certificate from any trusted third party (CA). After you have generated and
downloaded the Certificate Signing Request (CSR), you must contact any authorized third party that issues TLS
Certificates to companies or web owners, such as GoDaddy, DigiCert, Thawte, VeriSign, etc., and enroll the
Certificate Signing Request (CSR) with them. These third-party Certificate Authorities (CAs) charge a fee to
sign and validate the Certificate Signing Request (CSR) for a fixed time interval.
Verification and Signing of the Certificate Signing Request by CA
On receiving the Certificate Signing Request (CSR), the CA verifies the Server’s / User’s credentials. After
successful verification, the CA signs and sends the signed certificate to the server. These signed certificates are
called CA-Signed System Certificates.
Upload of CA-Signed System Certificate
After the CA-signed system certificate is received, upload it to your server along with the private key. This certificate
will be sent by the server to the clients, if assigned for the service, during TLS negotiation.
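Before uploading, it is worth confirming that the certificate returned by the CA belongs to the private key you are about to upload and that it chains to the CA your clients trust. The following is an added example, not part of the Matrix manual: it assumes the `openssl` command-line tool is available on an administrator workstation, and the test CA, host name and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-upload check for a CA-signed certificate and its private key.

# Returns 0 and prints "ok" only if the certificate carries the public key of
# the given private key AND chains to the given CA certificate.
check_before_upload() {  # $1 = private key, $2 = signed certificate, $3 = CA certificate
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ||
        { echo "unreadable private key"; return 2; }
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate"; return 2; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not match the private key"; return 1
    fi
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "certificate does not chain to the CA"; return 1; }
    echo "ok"
}

# Build constructed sample files in directory $1 (all names are made up).
make_demo_pki() {
    d=$1
    # Throwaway test CA standing in for the third-party CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Step 1: server key pair and CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ucs.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # Step 2: the CA signs the CSR.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    # An unrelated key, and a self-signed certificate for the server key.
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/server.key" -days 1 \
        -subj "/CN=ucs.example.test" -out "$d/selfsigned.crt" 2>/dev/null
}

work=$(mktemp -d)
make_demo_pki "$work"
# Matching key and CA-signed certificate.
check_before_upload "$work/server.key" "$work/server.crt" "$work/ca.crt"
# Wrong private key for this certificate.
check_before_upload "$work/other.key" "$work/server.crt" "$work/ca.crt"
# Self-signed certificate checked by a client that trusts only the CA.
check_before_upload "$work/server.key" "$work/selfsigned.crt" "$work/ca.crt"
rm -rf "$work"
```

The third call reproduces the rejection described under Self-Signed System Certificate: the key matches, but a verifier that trusts only the CA refuses the certificate.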