Creating an HTTPS Certificate Request

Caution: If you plan to add multiple Subject Alternative Names to your HTTPS Certificate Request, you must do so before filling out the Create Certificate Request tab to avoid losing any information. See Adding HTTPS Subject Alternative Names.

To create an HTTPS Certificate Request:

  1. Navigate to MANAGEMENT > NETWORK: HTTPS Setup, or in the MANAGEMENT > NETWORK Setup, Actions panel, select HTTPS.
  2. Click the Create Certificate Request tab (this is the default tab).
  3. Check the box Create Self Signed Certificate, in order to open up all menu items.
  4. This checkbox serves as a security feature: Check the box only if you are certain about generating a new self-signed Certificate.

    Caution: Once you click Submit, a previously generated Certificate (or the Spectracom default Certificate) will be overwritten.

    Note that an invalid Certificate may result in denial of access to NetClock via the Web UI! (If this occurs, see If a Secure Unit Becomes Inaccessible.)

  5. Fill in the available fields:
    • Signature Algorithm: Choose the algorithm to be used from:
      • MD4
      • SHA1
      • SHA256
      • SHA512
    • Private Key Pass Phrase: The pass phrase used to decrypt the RSA private key. It must be at least 4 characters long.
    • RSA Private Key Bit Length: 2048 bits is the default. Using a lower number may compromise security and is not recommended.
    • Two-Letter Country Code: This code should match the ISO-3166-1 value for the country in question.
    • State Or Province Name: From the address of the organization creating the Certificate.
    • Locality Name: Locale of the organization creating the Certificate.
    • Organization Name: The name of the organization creating the Certificate.
    • Organization Unit Name: The applicable subdivision of the organization creating the Certificate.
    • Common Name (e.g. Hostname or IP): This is the name of the host being authenticated. The Common Name field in the X.509 Certificate must match the hostname, IP address, or URL used to reach the host via HTTPS.
    • Email Address: This is the email address of the organization creating the Certificate.
    • Challenge Password: Valid response password to server challenge.
    • Optional Organization Name: An optional name for the organization creating the Certificate.
    • Self-Signed Certificate Expiration (Days): How many days before the Certificate expires. The default is 7200.
  6. You are required to select a signature algorithm, a private key passphrase of at least 4 characters, a private key bit length, and the Certificate expiration in days. The remaining fields are optional.

    It is recommended that you consult your Certificate Authority for the required fields in an X.509 Certificate request. Orolia recommends all fields be filled out and match the information given to your Certificate Authority. For example, use all abbreviations, spellings, URLs, and company departments recognized by the Certificate Authority. This helps to avoid problems the Certificate Authority might otherwise have reconciling Certificate request and company record information.

    If necessary, consult your web browser vendor’s documentation and Certificate Authority to see which key bit lengths and signature algorithms your web browser supports.

    Orolia recommends that when completing the Common Name field, the user provide a static IP address, because DHCP-generated IP addresses can change. If the hostname or IP address changes, the X.509 Certificate must be regenerated.

    It is recommended that the RSA Private Key Bit Length be a power of 2 or multiple of 2. The key bit length chosen is typically 1024, but can range from 512 to 4096. Long key bit lengths of up to 4096 are not recommended because they can take several hours to generate. The most common key bit length is the value 1024.

    Note: The default key bit length value is 2048.

    When using a self-signed Certificate, choose values based on your company’s security policy.

  7. When the form is complete, confirm that you checked the box Create Self Signed Certificate at the top of the window, then click Submit. Clicking the Submit button automatically generates the Certificate Request in the proper format for subsequent submission to the Certificate Authority.
  8. Note: It may take several minutes for NetClock to create the Certificate request and the private key (larger keys will require more time than small keys). If the unit is rebooted during this time, the Certificate will not be created.

    To view the newly generated request, in the HTTPS Setup window, click the Certificate Request tab.

    When switching between tabs within the HTTPS Setup window, the information you have entered will be retained. If you exit the HTTPS Setup window before clicking Submit, the information will be lost.
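
A follow-up check for the procedure above, as an added example that is not NetClock or Orolia code: once a certificate has been generated and saved as a PEM file, its signature algorithm, RSA key length and Common Name can be confirmed from a workstation with the `openssl` CLI. The hostname `netclock.example.test`, the subject values and the pass phrase are constructed, the sample certificates are generated locally, and the 2048-bit floor and the MD5 entry in the weak list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): audit a certificate for the settings chosen on
# the Create Certificate Request tab. Hostname and subject values are constructed.

# weak_sigalg NAME: succeeds when the signature hash is MD4, MD5 or SHA-1.
weak_sigalg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md4*|*md5*|*sha1*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_sample PREFIX BITS CN: constructed self-signed test certificate, built locally
# with the form's equivalents (SHA256, pass phrase, key length, CN, 7200 days).
make_sample() {
    openssl req -x509 -newkey "rsa:$2" -sha256 -days 7200 \
        -passout pass:constructed-pass-phrase \
        -subj "/C=US/ST=Example State/O=Example Org/CN=$3" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# audit_cert FILE HOST: prints one line per finding; exit status = number of findings.
# The name check in this example tests a hostname only.
audit_cert() {
    findings=0
    text=$(openssl x509 -in "$1" -noout -text) || return 99
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if weak_sigalg "$alg"; then
        echo "FAIL signature algorithm: $alg"; findings=$((findings + 1))
    fi
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL RSA key length: ${bits:-unknown} bits"; findings=$((findings + 1))
    fi
    if ! openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        echo "FAIL name: certificate does not cover $2"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo: a 2048-bit certificate checked against its own name, then a 1024-bit one
# checked against a different name (two findings).
tmp=$(mktemp -d)
make_sample "$tmp/good" 2048 netclock.example.test
make_sample "$tmp/weak" 1024 netclock.example.test
audit_cert "$tmp/good.crt" netclock.example.test && echo "good.crt: no findings"
audit_cert "$tmp/weak.crt" other.example.test || echo "weak.crt: $? finding(s)"
```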