Add Server Certificate field descriptions

Last Updated: Nov 30, 2022

Add Server Certificate

Name

Description

Certificate Alias

The type of the certificate alias.

The options are:

  • aeservices: Refers to the CVLAN, DLG, DMCC, and TSAPI AE Services.

  • cmtls: Refers to the CM transport layer security.

  • ldap: Refers to LDAP.

  • server: Refers to all AE Services, Apache, Tomcat, Web Telephony Interface (WTI), and LDAP.

  • web: Refers to Apache, Web Telephony Interface (WTI), and Tomcat.

  • rsyslog: Refers to the TLS connection for remote logging.

Enrollment Method

The method of enrollment of the certificate.

The options are:

  • Manual

  • Automatic

Certificate Key Parameters:

Name

Description

Encryption Algorithm

The Data Encryption Standard (DES) variant used to encrypt the private key.

The options are:

  • 3DES: The default setting.

  • DES: Less secure than 3DES and uses a 56-bit key size.

Password

Certificate key or private key password, which is used to lock the certificate key.

Re-enter Password

The certificate key password re-entered.

Key Size

The key length of the certificate key.

The options are:

  • 1024: Specifies a key length of 1024 bits.

  • 1536: Specifies a key length of 1536 bits.

  • 2048: Specifies a key length of 2048 bits.

  • 4096: Specifies a key length of 4096 bits.

The default setting is 2048.

Signature Algorithm

The appropriate signature algorithm.

The default value is sha256.

Certificate Request Parameters:

Name

Description

Certificate validity

The number of days that indicate the lifetime of the certificate.

The default value is 1825 days, which is equivalent to 5 years.

Distinguished Name (DN)

The LDAP entries required by your CA. You must enter these entries in the LDAP format, and they must match the values required by your CA. If you are not sure what the required entries are, contact your CA.

You must enter the FQDN of the AE Services server in the DNS format. You might also need to provide details, such as your company and organization name. Separate each LDAP attribute with a comma and do not use blank spaces. For example:

cn=myaeserver.example.com,ou=myOrganizationalUnit,o=examplecorp,L=Springfield,ST=Illinois,C=US

If an LDAP name contains an attribute that has a comma within it, you must precede the comma with a backslash (\) when you enter the LDAP name in OAM.

The Distinguished Name (DN) field must not contain any wildcard character, such as an asterisk (*), double dots (..), or a question mark (?).

Challenge Password

Certificate key or private key password, which is used to lock the certificate request.

Re-enter Challenge Password

The certificate key password re-entered for validation.
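The Distinguished Name (DN) rules above can be checked before the value is typed into OAM. The following is an added example, not Avaya code: the function names, the FQDN pattern, and the reading of "no blank spaces" as "no blanks around the separating commas" are assumptions.

```python
import re

# Wildcard tokens the page forbids in the DN field.
WILDCARDS = ("*", "..", "?")
# Assumption: a conventional DNS hostname pattern for the cn value.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def split_dn(dn):
    """Split on commas, treating a backslash-escaped comma as part of a value."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def check_dn(dn):
    """Return a list of problems; an empty list means the DN passes these checks."""
    problems = [f"contains wildcard {w!r}" for w in WILDCARDS if w in dn]
    attrs = {}
    for part in split_dn(dn):
        if part != part.strip():
            problems.append(f"blank space around separator near {part!r}")
        key, sep, value = part.strip().partition("=")
        if not sep or not key or not value:
            problems.append(f"malformed attribute {part!r} (unescaped comma?)")
            continue
        attrs.setdefault(key.lower(), value)
    cn = attrs.get("cn")
    if cn is None:
        problems.append("no cn attribute")
    elif not FQDN_RE.match(cn):
        problems.append(f"cn {cn!r} is not an FQDN")
    return problems

if __name__ == "__main__":
    # Constructed sample input based on the page's example DN.
    print(check_dn("cn=myaeserver.example.com,ou=myOrganizationalUnit,"
                   "o=examplecorp,L=Springfield,ST=Illinois,C=US"))
```
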

Name

Description

SAN IP Address

IP address for the SAN parameter.

Note:

The SAN IP Address field is available in Release 8.1.3 and later.

SAN DNS Name

DNS name or the hostname for the SAN parameter.

Note:

The SAN DNS Name field is available in Release 8.1.3 and later.

Key Usage

Key description contained in the certificate.

The options are:

  • Digital Signature

  • Non-repudiation

  • Key encipherment

  • Data encipherment

  • Key agreement

  • Key certificate sign

  • CRL sign

  • Encipher only

  • Decipher only

The Key Usage field must not be blank.

Extended Key Usage

Purpose of the certificate.

The options are:

  • SSL/TLS Web Server Authentication

  • SSL/TLS Web Client Authentication

  • Code signing

  • E-mail Protection (S/MIME)

To deselect Extended Key Usage options, use Control+Click.

SCEP Parameters:

Name

Description

SCEP Server URL

The URL of the CA Simple Certificate Enrollment Protocol (SCEP) server.

CA Certificate Alias

The unique and descriptive name for the CA certificate.

CA certificate alias can be a name that you assign or a name that the CA assigns. By default, you must use the name assigned by your CA.

CA Identifier

The identification of the CA.

Button

Description

Apply

To apply the changes.

A server certificate request (CSR) is generated in a pending state.

AE Services permits only one server certificate at a time. If you install more than one server certificate and restart AE Services, the TR/87 service fails to initialize.

Cancel

To cancel the changes.