1. Generating a keyring file with a self-signed or third-party certificate
To set up TLS on your server, you need a server certificate from an Internet certificate authority.
2. Viewing TLS server certificates
You can view information about TLS server certifications
3. Changing the password for the server key ring file
You can change the password for the server key ring file. The password must be at least 12 alphanumeric characters.
4. Marking or unmarking a CA's certificate as a trusted root
Remove a CA's certificate as a trusted root from the server certificate when you no longer want to communicate with servers and clients that use certificates signed by that CA.
5. Viewing requests for certificates
Server administrators can view information about certificate requests that they sent to a CA to keep track of the request. The request document tracks the method used to submit the certificate, date and time of the request, the key ring file for the certificate, information about the certificate, and, if used, the email address to which the server administrator sent the request.
6. Renewing expired certificates
After a certificate expires, you can no longer use it to communicate with servers and clients. If you obtained a server certificate from a third-party certificate authority, you may be able to renew it by submitting a request to the third-party CA's Web site, which often includes your user name, password, and a challenge phrase. If it is possible to renew your server certificate, this information is accepted and you will be prompted to renew. If you cannot renew your server certificate, you will have to submit a request for a new one.
7. Creating a self-certified certificate to test TLS certification
You can create a self-certified certificate to test the certificate procedure at your organization. Because this certificate is not certified by a CA, use it only for testing purposes.