Generating Self-Signed Certificates

Connectivity Secure Shell

Self-signed certificates are certificates in which the subject and the issuer are the same. As with root certificates, there is no independent means of verifying the trustworthiness of the certificate. They are ideal if you need a certificate to test whether or not the connection works. Also, an organization might want to store user information in a certificate, but it may not want (or need) this certificate information to be validated. Self-signed certificates can also be used for authentication and authorization on a private network.

For example, when connecting to a host, the host must provide a certificate. This certificate can be self-signed (and then exported) by the server administrator. If there is no doubt as to the validity of this information and your application is configured to accept self-signed certificates, then the self-signed certificate is sufficient.

To create a self-signed certificate:

  1. Open the Certificate Creation Wizard by clicking User Certificates in the left pane of the console, and then clicking the Create New Certificate button at the bottom of the certificate pane.
  2. On the Wizard Type drop-down list, select Create A Self-Signed Certificate.
  3. Click Next on the welcome screen. The Certificate Information screen opens.
  4. Provide the required information and click Next.
  5. Do one of the following:
    • If you have already created a keypair, select it from the User Keys list, and type the passphrase for the selected key. You can use the buttons below the User Keys list to view key details and change the passphrase.
    • If you have not created a keypair, click the Create New Key button and use the Key Generation Wizard to create a keypair. For more information, see Generating Private/Public Keypairs.
  6. Click Next. The wizard generates the certificate. The public key part of the private/public key combination you specified is stored in the certificate.
  7. Click Finish.
  8. The certificate is encoded and listed in the certificate pane. It is saved in the my.hcs file located in the certs directory where the user files are stored on your machine.
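
The following is an added example, not part of the product or its documentation. It uses the OpenSSL command-line tool (an assumption; the wizard above is a GUI) to show what "subject and issuer are the same" means in practice, and how a client can compare the fingerprint of a presented certificate against the copy exported by the server administrator. The function names and host name are hypothetical.

```shell
#!/bin/sh
# Added example: OpenSSL CLI equivalent of the concepts above (not the wizard).

# make_self_signed DIR CN: create a key pair and a self-signed certificate.
# -nodes leaves the key unencrypted for this demo only; protect real keys
# with a passphrase, as the wizard does.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# is_self_signed CERT: true only when subject equals issuer AND the
# signature verifies under the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || return 1
    openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'
}

# fingerprint CERT: print the SHA-256 fingerprint of the certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# matches_pin CERT PIN: true when CERT has the fingerprint the administrator
# communicated out of band. Nothing else vouches for a self-signed
# certificate, so this comparison is the trust decision.
matches_pin() {
    [ "$(fingerprint "$1")" = "$2" ]
}

# Demo with a constructed host name, in a throwaway directory.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" "ssh-host.example.test"
is_self_signed "$demo_dir/cert.pem" && echo "self-signed: yes"
echo "pin: $(fingerprint "$demo_dir/cert.pem")"
rm -rf "$demo_dir"
```
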