Document toolboxDocument toolbox

(12.3.2-en) Certificate

Owned by Emese Pogany
Jul 26, 2023
2 min read

This article shows how to specify the basic data for the certificate to be issued by the certification body for SCEP in IGEL OS.

Menu path: Network > SCEP Client (NDES) > Certificate



Type of CommonName/SubjectAltName

The characteristic for linking the certificate to the device.

  • IP address: The IP address of the device.
  • DNS name: The DNS name of the device. (Default)
  • IP address (auto): The IP address of the device (inserted automatically).
  • DNS name (auto): The DNS name of the device (inserted automatically).
  • Email address: An email address.
  • DNS name as UPN (auto)

If the client automatically obtains its network name,  DNS name (auto)  is a good type for the client certificate.


CommonName/SubjectAltName

The parameter is available if  Type of CommonName/SubjectAltName  is set to  IP address,  DNS name, or  Email address. Give a designation which matches the  Type of CommonName/SubjectAltName. 


CommonName/SubjectAltName Suffix

The parameter is available if  Type of CommonName/SubjectAltName  is set to  IP address (auto),  DNS name (auto), or  DNS name as UPN (auto). Specifies a suffix that will be added to CommonName/SubjectAltName.
Possible values:

  • None: No suffix will be added.
  • Dot + DNS domain (auto): The system's current DNS domain name separated with a dot will be added. Example:  .igel.local

  • Free text entry: The manually entered suffix will be added. Take notice that the percent symbol "%"  is used for introducing the escape sequence, and thus the following replacements take place automatically:

    • % D  is replaced by the system's DNS domain name at the time the  certificate signing request  (CSR) is created. Example:  @% D  will be changed into  @ igel.de  if the system's current DNS domain name is  igel.de.
    • %%  will be replaced by  %. Example:  A %% B  will be changed into  A % B.

    • Other combinations with  %  are currently discarded. Example:  A % BC  will be changed into  A C.

      If you have to specify the suffix manually, make sure you enter the separator.


Organizational unit

Stipulated by the certification authority


Organization

A freely definable designation for the organization to which the client belongs


Locality

Details regarding the device’s locality. Example: "Augsburg".


State

Details regarding the device’s locality. Example: "Bayern".


Country

Two-digit ISO 3166-1 country code. Example: "DE".


RSA key length (bits)

Defines the key length (one suited to the certification authority) for the certificate that is to be issued.
Possible values:

  • 1024
  • 2048
  • 4096