128
SX-GATE will include the CA's public key with every issued
certificate, so if a client receives a certificate issued by SX-
GATE, there's usually no need to forward the CA certificate
separately.
Create a new or import a CA certificate
This feature allows you to create a CA certificate on a new SX-GATE. You can also
restore the CA certificate from a backup file here.
A CA certificate which was created by SX-GATE will be valid
for 20 years. Generally it does not make sense to issue a new
certificate long before the old one expires. Except of course the
privacy of the certificate can no longer be guaranteed.
Create a new CA certificate
This feature allows you to create a CA certificate on a new SX-GATE.
A CA certificate which was created by SX-GATE will be valid
for 20 years. Generally it does not make sense to issue a new
certificate long before the old one expires. Except of course the
privacy of the certificate can no longer be guaranteed.
Backup CA key-pair
The key pair of the SX-GATE CA can be exported in PKCS#12 format to save a backup.
Please note that this export also contains the private key which must remain completely
secret.
Delete CA private key
To improve the security of the SX-GATE CA, you can erase the private key of the root
certificate. You should do so if you don't need to issue new certificates in the near
futures.
Of course you have to backup the CA certificate before deleting
its private key. Use the export function to create the backup. You
should store it on a reliable medium in a safe place. Reinstall the
private key with the import feature as soon as you need to use
the CA again.