In Public-Key Infrastructure (PKI), an identity certificate is an electronic document that uses a digital signature to bind a public key to identity information, such as the name and address of a person or an organization. The identity certificate is also known as a digital certificate or public key certificate. You can use the certificate to verify whether a public key belongs to a service.
System Manager supports the following tasks on the identity certificate of a service:
View: Provides details, such as subject, issuer, key size, fingerprint, expiry date, and subject alternative name of the certificate that a service uses.
Add: Adds an additional certificate for the following services of Session Manager:
Replace: Services that are exposed to external clients might need to present an identity certificate issued by a commercial root CA.
For example, if a service is exposed to multiple SIP endpoints, you cannot add the certificate of the private Certificate Authority (CA) to the trusted certificate store of each client. If each SIP endpoint is configured to trust certificates issued by a commercial CA, then replace the certificate presented by the service with a certificate issued by a commercial CA. Also, in protocols like HTTP, the CN value of the certificate must match the host name of the server presenting the certificate. If the host name changes, the CN must change.
Export: Exports the selected certificate from the list of trusted certificates to a PEM-formatted file.
Renew: A central administrator might need to reissue an identity certificate that was originally issued by the deployment CA. An identity certificate has a validity date, so the administrator must replace the certificate before it expires to avoid rejection of the certificate by the service peer.
Note:
The System Manager CA-issued identity certificates are valid for 730 days or from the time of certificate renewal/replacement until the System Manager CA expiry date, whichever is sooner. For an external CA-signed certificate, the validity depends on the configuration of the certificate authority signing the certificate.
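The following is an added example, not System Manager code: a pre-renewal check over the fields that the View task displays, covering the host name match described under Replace, the expiry concern under Renew, and the validity rule in the Note. The field names (subject_cn, san_dns, not_after), the 60-day renewal window, and the sample data are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

CA_ISSUED_DAYS = 730  # validity of System Manager CA-issued certificates (from the Note)

def issued_not_after(issued_at, ca_not_after):
    """Expiry per the Note: 730 days from issue or the CA expiry date, whichever is sooner."""
    return min(issued_at + timedelta(days=CA_ISSUED_DAYS), ca_not_after)

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def audit(cert, host, now, renew_window_days=60):
    """Return findings for one certificate; an empty list means no action is needed."""
    findings = []
    # TLS clients check SAN DNS names first; the CN is consulted only when no SAN exists.
    names = cert.get("san_dns") or [cert["subject_cn"]]
    if not any(name_matches(n, host) for n in names):
        findings.append(f"host name {host} not covered by {names}")
    remaining = (cert["not_after"] - now).days
    if remaining < 0:
        findings.append(f"expired {-remaining} days ago")
    elif remaining <= renew_window_days:
        findings.append(f"expires in {remaining} days; renew or replace")
    return findings

# Constructed sample data (hypothetical field names, not taken from a real System Manager).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
CA_EXPIRY = datetime(2025, 1, 1, tzinfo=timezone.utc)
CERTS = [
    {"subject_cn": "sm.example.test", "san_dns": ["sm.example.test"],
     "not_after": issued_not_after(datetime(2024, 1, 1, tzinfo=timezone.utc), CA_EXPIRY)},
    {"subject_cn": "old-name.example.test", "san_dns": [],
     "not_after": datetime(2024, 6, 20, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for c in CERTS:
        print(c["subject_cn"], audit(c, "sm.example.test", NOW) or "OK")
```

The first sample certificate is capped by the CA expiry date rather than the 730-day limit, and the second is flagged both for the changed host name and for the approaching expiry.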