Signer certificates collection
Use this page to manage signer certificates in key stores. Signer certificates are used by Java™ Secure Socket Extensions (JSSE) to validate certificates sent by the remote side of the connection during a Secure Sockets Layer (SSL) handshake. If a signer does not exist in the trust store that can validate the certificate sent, the handshake fails and generates an "unknown certificate" error.
To view this administrative console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Key stores and certificates > key store. Under Additional Properties, click Signer certificates.
| Button | Resulting action |
|---|---|
| Add | Adds a new trusted (signer) certificate. |
| Delete | Deletes an existing signer certificate. |
| Extract | Extracts a signer certificate from a personal certificate to a file. |
| Retrieve from port | Makes a test connection to an SSL port and retrieves the signer from the server during the handshake. The information from the certificate will be displayed so you can decide whether to trust it based upon the MD5 and/or SHA hash. |
Alias
Specifies the alias for this signer certificate in the key store.
Issued to
Specifies the distinguished name of the entity that requested the certificate.
Fingerprint (SHA digest)
Specifies the Secure Hash Algorithm (SHA hash) of the certificate. This can be used to verify the hash for the certificate at another location, such as the client side of a connection.
Expiration
Specifies the expiration date of the signer certificate for validation purposes.