Configuration options for creating a CSR

Last Updated: Apr 30, 2021

The following table lists the configuration options on the Add Server Certificate page:

Field

Option description

Certificate Alias

The type of the certificate alias.

The options are:

  • aeservices: The CVLAN, DMCC, and TSAPI service certificates.

    If cmtls is not specified, and the switch connection Provide AE Services certificate to switch option is enabled, AE Services uses this certificate for transport layer security.

  • cmtls (Default): The Configuration Server transport layer security certificate.

  • ldap: The enterprise server certificate.

  • server: All AE Services certificates.

  • web: Apache HTTP server and Apache Tomcat certificates.

  • rsyslog: A TLS connection for remote logging.

Enrollment Method

The method of certificate enrollment.

  • Manual (Default): Manual certificate enrollment.

  • Automatic: Automatic certificate enrollment using SCEP.

Certificate Key Parameters

Encryption Algorithm

The Data Encryption Standard (DES) variant used to encrypt the private key.

The options are:

  • 3DES (Default): The default encryption algorithm.

  • DES: An encryption algorithm that is less secure than 3DES and uses a 56-bit key size.

Password

Certificate key or private key password, which is used to lock the certificate key.

Re-enter Password

The certificate key password re-entered.

Key Size

The length of the certificate key.

  • 1024 (Default): Specifies a key length of 1024 bits.

  • 1536: Specifies a key length of 1536 bits.

  • 2048: Specifies a key length of 2048 bits.

  • 4096: Specifies a key length of 4096 bits.

Signature Algorithm

The required signature algorithm.

The options are:

  • sha1: Indicates Secure Hash Algorithm version 1.

  • sha256 (Default): Indicates Secure Hash Algorithm 256.

  • sha512: Indicates Secure Hash Algorithm 512.

Certificate Request Parameters

Certificate validity

The certificate lifetime, in days.

The default value is 1825 days, which is equivalent to 5 years.

Distinguished Name (DN)

The FQDN of the AE Services server in the DNS format. You might also need to provide additional details, such as your company or organization name. Separate each LDAP attribute with a comma and do not use blank spaces. For example:

cn=myaeserver.example.com,ou=myOrganizationalUnit,o=examplecorp,L=Springfield,ST=Illinois,C=US

If an LDAP name contains an attribute that has a comma within it, you must precede the comma with a backslash (\) when you enter the LDAP name.

The Distinguished Name (DN) field must not contain wildcard characters, such as an asterisk (*), double dots (..), or a question mark (?).
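
The DN rules above can be checked before the value is entered on the page. The following Python sketch is an added example, not Avaya code: the function names are hypothetical, and it assumes that "blank spaces" means whitespace next to a separating comma and that the FQDN is carried in a cn attribute, as in the example above.

```python
# Added example (not product code): pre-check a DN string against the
# rules stated for the Distinguished Name (DN) field.

# Wildcard characters the DN field must not contain.
FORBIDDEN = ("*", "..", "?")


def split_dn(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def check_dn(dn):
    """Return a list of problems; an empty list means the DN passes."""
    problems = []
    for token in FORBIDDEN:
        if token in dn:
            problems.append(f"wildcard character {token!r} is not allowed")
    attrs = []
    for rdn in split_dn(dn):
        # Assumption: "blank spaces" means whitespace beside the comma.
        if rdn != rdn.strip():
            problems.append(f"blank space next to a comma in {rdn!r}")
        attr, sep, value = rdn.strip().partition("=")
        attrs.append(attr.lower())
        if not sep or not attr or not value:
            problems.append(f"component {rdn!r} is not attribute=value")
    # Assumption: the server FQDN is supplied as the cn attribute.
    if "cn" not in attrs:
        problems.append("no cn component carrying the server FQDN")
    return problems
```

An unescaped comma inside a value, such as `o=Example, Inc.`, is reported as a component that is not attribute=value, which is the symptom of the missing backslash.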

Challenge Password

Certificate key or private key password, which is used to lock the certificate request.

Re-enter Challenge Password

The certificate key password re-entered for validation.

SAN IP Address

IP address for the SAN parameter.

SAN DNS Name

DNS name or the hostname of the SAN parameter.

Key Usage

Digital Signature

To use the public key with a digital signature mechanism to support security services other than non-repudiation, certificate signing, or CRL signing.

To deselect Key Usage options, use Control+Click.

Non-repudiation

To set digital signing within a non-repudiation service.

Key encipherment

To use a certificate with a protocol that encrypts keys.

Data encipherment

To use the public key for data encryption.

Key agreement

To derive the public key without encryption. You can use this key to encrypt messages between the sender and receiver.

Key certificate sign

To use the public key for verification of a signature on certificates. You can use this extension only in CA certificates.

CRL sign

To use the public key for verification of a signature on revocation information, such as a CRL.

Encipher only

To use the public key only for enciphering data while performing a key agreement.

Decipher only

To use the public key only for deciphering data while performing a key agreement.

Extended Key Usage

SSL/TLS Web Server Authentication

To use the certificate for server authentication.

SSL/TLS Web Client Authentication

To use the certificate for client authentication.

Code signing

To use the certificate for code signing.

E-mail Protection (S/MIME)

To use the certificate for email protection.

To deselect Extended Key Usage options, use Control+Click.

SCEP Parameters

SCEP Server URL

The URL of the CA or Simple Certificate Enrollment Protocol (SCEP) server.

CA Certificate Alias

The unique descriptive name for the CA certificate.

CA certificate alias can be a name that you assign or a name that the CA assigns. By default, you must use the name assigned by your CA.

CA Identifier

CA unique identifier.