Generate self-signed certificates

Use this procedure if you chose to create a self-signed certificate in step 2 of Set up certificates for a community.

The following steps generate and associate with a community either a single self-signed certificate for both encrypting and signing documents, or two self-signed certificates (dual key), one for encrypting and one for signing.

  1. On the first certificate wizard page, select Create a self-signed certificate, and click Next.
  2. On the request certificate page, select:
    • Single key certificate if you want one certificate for both signing and encrypting documents.
    • Dual key certificate if you want two certificates, one for signing documents and another for encrypting documents.
  3. Select one of the following encryption key lengths from the key length drop-down list:
    • 512 – Normal encryption.
    • 1024 – Strong encryption.
    • 2048 – Very strong encryption (Default).
    • 3072 – Very strong encryption.
    • 4096 – Very strong encryption.
  4. For the validity period, either accept the default value of two years, or type the length of time you want the certificate to be valid in the validity period field. Select days, months or years from the drop-down list.
  5. Select one or more options to specify how the key will be used for this community. By default, all options are selected. You must select at least one of the following:
    • Signing (digitalSignature)
    • Non-repudiation (nonRepudiation)
    • Encryption (keyEncipherment)
  6. Click Next to review your certificate request.
  7. On this page you can review your selections for:
    • Key type (single key pair or dual key pair)
    • Key length
    • Key validity period
    • Key usage
  8. Review the information on the page. If you want to make any changes, click Back.
  9. Click Next to display the certificate details page.
  10. Optionally type a name for the certificate in the Name field. This name can help you identify the certificate in the display lists of the user interface. By default the system uses the community name as the certificate name.
  11. On this page you can select an option for making the certificate the default certificate. The options that are displayed vary depending on the usage that you selected for the certificate:
    • Make this the default signing certificate – Appears only if the certificate is used for digitalSignature or nonRepudiation, or both. If this option is displayed, it is selected by default.
    • Make this the default encryption certificate – Appears only if the certificate is used for keyEncipherment. If this option is displayed, it is selected by default.
    • Make this the default certificate for SSL client authentication – Appears only if the certificate is used for digitalSignature or nonRepudiation, or both. The community presents this certificate to a partner who requests client authentication to connect to an SSL server. See SSL authentication. If this option is displayed, it is not selected by default.
  12. If there is a checkbox for Send certificate exchange messages to partners, see Replace certificates automatically for information about CEM and SCX certificate exchanges.
  13. Click Finish to generate the certificate. After the certificate is generated, the certificates page reappears and displays the new certificate.

Distribute certificate information

  • If you are setting up a community for the first time, you must distribute your certificate information by sending it to partners by e‑mail or some secure means. This can be done by exporting your certificate as part of your community. See Back up a community as a partner.
  • If you need to distribute your certificate to your trading partners who use other interoperable software, see Export a certificate to a file.
  • Before you attempt to exchange encrypted and signed documents, you should contact each partner with whom you exchanged certificates and confirm that the fingerprints in both your certificates are identical. For more information see MD5 and SHA1 fingerprints.
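
The fingerprint confirmation in the last item above can also be done outside the user interface. The following is an added example, not part of the original documentation or of the product: it computes the fingerprint of an exported certificate file and compares it with the value a partner reports. It assumes the export is a PEM or DER encoded X.509 certificate; the function names are hypothetical, and SHA-256 is supported in addition to the MD5 and SHA1 fingerprints the page names.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of an exported certificate file (PEM or DER)."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # assumption: a file without PEM armor is already DER
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def fingerprint(data: bytes, algorithm: str = "sha1") -> str:
    """Digest of the DER encoding as colon-separated upper-case hex."""
    digest = hashlib.new(algorithm, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(text: str) -> str:
    """Drop separators and case so 'a9 99', 'A9:99' and 'a999' compare equal."""
    hex_only = re.sub(r"[\s:.-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_only):
        raise ValueError("fingerprint is empty or contains non-hex characters")
    return hex_only


def fingerprints_match(data: bytes, reported: str, algorithm: str = "sha1") -> bool:
    """Compare the partner's reported value with the one computed locally.

    The whole digest must match; a truncated or padded value is rejected.
    """
    local = normalize(fingerprint(data, algorithm))
    return hmac.compare_digest(local, normalize(reported))


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for an exported certificate.
    der = b"constructed sample, not a real certificate"
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
           + b"-----END CERTIFICATE-----\n")
    for name in ("md5", "sha1", "sha256"):
        print(name, fingerprint(pem, name))
    spoken = fingerprint(der).replace(":", " ").lower()  # as read over the phone
    print("full value matches:", fingerprints_match(pem, spoken))
    print("truncated value matches:", fingerprints_match(pem, spoken[:-3]))
```

The partner's value should reach you over a different channel than the certificate file itself, for example by phone when the file was sent by e-mail.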
