File format 3 file formats are suggested:
l Base64 format (PEM - Privacy-enhanced Electronic Mail), It allows encoding X509 certificates
in Base64. A PEM-type certificate may look like this:
-----BEGIN CERTIFICATE-----
MIIDdzCCAuCgAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBpDELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAkdFMQ8wDQYD
VQQHEwZHZW5ldmExHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgR2VuZXZhMSQwIgYDVQQLExtVTklHRSBDZXJ0aWZpY
2F0ZSBBdXRob3JpdHkxETAPBgNVBAMTCFVuaUdlIENBMR8wHQYJKoZIhvcNAQkBFhB1bmlnZWNhQHVuaWdlLmNoMB
4XDTk5MTAwNDE2MjI1N1oXDTAwMTAwMzE2MjI1N1owgbExCzAJBgNVBAYTAkNIMQswCQYDVQQIEwJHRTEPMA0GA1
UEBxMGR2VuZXZhMR0wGwYDVQQKExRVbml2ZXJzaXR5IG9mIEdlbmV2YTEeMBwGA1UECxMVRGl2aXNpb24gSW5mb
3JtYXRpcXVlMRowGAYDVQQDExFBbGFpbiBIdWdlbnRvYmxlcjEpMCcGCSqGSIb3DQEJARYaQWxhaW4uSHVnZW50b2J
sZXJAdW5pZ2UuY2gwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALIL5oX/FR9ioQHM0aXxfDELkhPKkw8jc6I7BtSY
Jk4sfqvQYqvOMt1uugQGkyIuGhP2djLj6Ju4+KyKKQVvDJIu/R1zFX1kkqOPt/A2pCLkisuH7nDsMbWbep0hDTVNELoKVoVIA
azwWMFlno2JuHJgUcs5hWskg/azqI4d9zy5AgMBAAGjgakwgaYwJQYDVR0RBB4wHIEaQWxhaW4uSHVnZW50b2JsZXJAd
W5pZ2UuY2gwDAYDVR0T200BAUwAwIBADBcBglghkgBhvhCAQ0ETxZNVU5JR0VDQSBjbGllbnQgY2VydGlmaWNhdGUsI
HNlZSBodHRwOi8vdW5pZ2VjYS51bmlnZS5jaCBmb3IgbW9yZSBpbmZvcm1hdGlvbnMwEQYJYIZIAYb4QgEBBAQDAgSwM
A0GCSqGSIb3DQEBBAUAA4GBACQ9Eo67A3UUa6QBBNJYbGhC7zSjXiWySvj6k4az2UqTOCT9mCNnmPR5I3Kxr1GpWT
oH68LvA30inskP9rkZAksPyaZzjT7aL//phV3ViJfreGbVs5tiT/cmigwFLeUWFRvNyT9VUPUov9hGVbCc9x+v05uY7t3UMeZejj
8
zHHM+
-----END CERTIFICATE----
The markers "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" frame the block of lines
(the number of which is variable), each being 64 characters-long [A-Za-z0-9/+].
It is a format which is often transmitted by e-mail because this format is resistant to distortions
caused by mail software.
The PEM file is a text file which contains this type of information.
Likewise, a CRL file type contains chains of coded characters in Base64 framed by markers
like "-----BEGIN X509 CRL-----" and "-----END X509 CRL-----".
As for the private key file, it contains character strings encoded in Base64 framed by
markers like: "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----".
l Binary format (DER - Distinguished Encoding Rules), containing the user’s certificate in binary
format.
l Container (PKCS#12), containing the private key and the user certificate as well as the CA’s
certificate. Furthermore, it is encrypted.
File
password (if
PKCS#12)
Define a password for the PKCS#12 file, if this is the format you have chosen (the same as for
publishing the user certificate in the LDAP).
The icon allows you to view the password in plaintext to check that it is correct.
Items to
import
Given that each file format contains different items, you can choose to import a file or part of it
through the following choices.
All: Imports all items contained in your files.
Or select only the following:
Certificate(s) Private key (s) CRL Certification authority (CA) Request(s)
Overwrite
existing
content in
the PKI
If you select this option, contents similar to the items above will be overwritten in the PKI, in
favor of new certificates/private keys/CAs and requests.
Click on Next. You will see a summary of the data regarding the import of your file (its name,
format and items to import).
Click on Finish.
Page 74/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
CERTIFICATES AND PKI
To Next Page
Loading...
