Types
of Certificates
There
are two types of certificates – self-signed certificate and
a certificate signed by a certificate authority (CA).
A
self-signed certificate is a certificate that is
signed by the HMC that created the certificate.
The
first time you boot up the HMC, a self-signed certificate is automatically
created. In this certificate, the common name (CN) is equal to the
hostname and domain name at that time (and any IP addresses) and
the default expiration value is 10 years.
You
can modify the values of a self-signed certificate using the Launch
Guided Setup Wizard task (mainly used when setting up your new system
and the HMC), using the Changing Network Settings task, and using
the Managing Certificates task. You can also create a new self-signed
certificate using the Managing Certificates task.
A certificate signed by a Certificate Authority (CA)
means that the certificate is signed by a trusted third-party certificate
provider. The provider verifies and validates the required enrollment
information you provided about the certificate. The provider can
be an organization internal to your company that is authorized to
sign certificates, or the provider can be a well-known security
company providing certificate authority services (such as Verisign
and Entrust).
Browser
Considerations
Each
browser contains a list of the CAs to be trusted. When a browser
points to a secure server, the browser verifies that the server
certificate was issued by a trusted CA. If the CA is not trusted
or is not in the list, a warning window displays.
For
most browsers, well-known security providers such as Verisign and
Entrust are on this list of trusted CAs. If an internal provider
is the trusted CA, this provider must be added to the list of trusted
CAs on each Web browser accessing the secure server. Otherwise,
a warning window displays.
|