Secure Mobile Access 12.4 Administration Guide

Creating a Self-Signed Certificate

If you plan to use a self-signed SSL certificate (instead of obtaining a certificate from a commercial CA), you can create one using AMC. A host is not selected for the certificate, because there is no one-to-one mapping of certificates to hosts. Wildcard certificates allow one certificate to map to multiple hosts. In addition, a self-signed SSL certificate can be created with multiple FQDNs or IP addresses.

To create a self-signed certificate

  1. In the AMC, navigate to System Configuration > SSL Settings.

  2. In the SSL Certificates area, click Edit.

  3. Click the + (New) icon.

  4. Select Create self-signed certificate from the menu.

  5. In the Fully qualified domain name field, type a wildcard domain name such as *.domainname.com, or type the individual server name as you want it to appear in the certificate:

    • The main appliance certificate can be a wildcard certificate, or you might type something like vpn.example.com. You must add this name to your external DNS to make the appliance accessible to users.

      This is the name users will enter for access to Web-based resources on your network. For a wildcard certificate, the * matches any string of characters up to the dot, such as specific server names. You also reference this name when configuring the Connect clients to provide access to TCP/IP resources.

    • If this certificate will be used by AMC (as opposed to WorkPlace), you might type something like amc.example.com. In most cases, you should add this name to your internal DNS to simplify access to AMC.
    • Any number of SANs can be added to a certificate, but the text input field accepts a maximum of 1,000 characters. Enter multiple FQDNs and/or IPv4 or IPv6 addresses separated by commas. SANs can contain wildcard entries (*.example.com, *.access.example.com), unique FQDNs (access.example.com, vpn.example.com), and IP addresses.

      The entered FQDNs and IP addresses are encoded in the subject alternative name certificate extension and FQDNs are encoded as an additional SAN name in the certificate. If a SAN is an IP address, it is encoded as an IPAddress in the SAN extension instead of a DNSName.

  6. In the Alternative names field, type any additional FQDNs or IP addresses that should appear in the certificate using the Subject Alternative Name certificate extension. Separate multiple alternative names and IP addresses with a comma.

  7. In the Organization field, type the company or organization name as you want it to appear in your SSL certificate.

  8. In the Country field, type the two-letter abbreviation for your country. For a list of valid country codes, go to the International Organization for Standardization (ISO) Web site at http://www.iso.org and look for information on ISO 3166-1.

  9. In the Key size list, select the key length you want to use. Larger keys increase security.

  10. In the Signature list, select the algorithm used for the certificate.

  11. Click Save.

  12. Click Pending changes and then apply the changes. (For more information, see Applying Configuration Changes.)
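
Before typing a long list into the Alternative names field, it can help to check offline how the entries will be encoded and which host names they actually cover. The following is an added example, not part of the SonicWall guide or AMC; the function names are hypothetical. It assumes the rules stated above (comma-separated entries, a 1,000-character limit, IP addresses encoded as IPAddress, everything else as DNSName, and * matching a single label) and that a wildcard is valid only as the whole leftmost label.

```python
import ipaddress

MAX_FIELD_LEN = 1000  # input-field limit stated in the guide

def classify_sans(field):
    """Split the comma-separated field; tag IPs as IPAddress, names as DNSName."""
    if len(field) > MAX_FIELD_LEN:
        raise ValueError(f"{len(field)} characters exceeds the {MAX_FIELD_LEN} limit")
    sans = []
    for entry in (part.strip() for part in field.split(",")):
        if not entry:
            continue  # tolerate a stray or trailing comma
        try:
            sans.append(("IPAddress", str(ipaddress.ip_address(entry))))
            continue
        except ValueError:
            pass  # not an IP literal, so treat it as a DNS name
        labels = entry.lower().split(".")
        if not all(labels):
            raise ValueError(f"empty label in {entry!r}")
        # Assumption: '*' is only valid as the entire leftmost label.
        if "*" in entry and (labels[0] != "*" or "*" in "".join(labels[1:])):
            raise ValueError(f"wildcard must be the whole leftmost label: {entry!r}")
        sans.append(("DNSName", ".".join(labels)))
    return sans

def san_covers(host, sans):
    """True if host (FQDN or IP literal) is covered by one of the SAN entries."""
    try:
        return ("IPAddress", str(ipaddress.ip_address(host))) in sans
    except ValueError:
        pass
    want = host.lower().rstrip(".").split(".")
    if not all(want):
        return False
    for kind, value in sans:
        have = value.split(".")
        # '*' stands for exactly one label (characters up to the dot), so the
        # label counts must be equal: *.example.com never covers a.b.example.com.
        if kind == "DNSName" and len(have) == len(want) and all(
            h == "*" or h == w for h, w in zip(have, want)
        ):
            return True
    return False

# Constructed sample input (documentation-range addresses, not from the guide).
SAMPLE = "*.example.com, vpn.example.com, 192.0.2.10, 2001:DB8::1"
```

With this sample, san_covers("portal.access.example.com", classify_sans(SAMPLE)) is False, which is why a deeper name needs its own entry such as *.access.example.com.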
