Chapter 32 Certificates
NXC5200 User’s Guide
The following table describes the labels in this screen.
Table 173 Configuration > Object > Certificate > Trusted Certificates > Edit
| LABEL | DESCRIPTION |
| --- | --- |
| Name | This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. |
| Certification Path | Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity’s own certificate). The NXC does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. |
| Refresh | Click Refresh to display the certification path. |
| Enable X.509v3 CRL Distribution Points and OCSP checking | Select this check box to have the NXC check incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also need to configure the OCSP or LDAP server details. |
| OCSP Server | Select this check box if the directory server uses OCSP (Online Certificate Status Protocol). |
| URL | Type the protocol, IP address and pathname of the OCSP server. |
| ID | The NXC may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). |
| LDAP Server | Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates. |
| Address | Type the IP address (in dotted decimal notation) of the directory server. |
| Port | Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. |
| ID | The NXC may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority). |
| Certificate Information | These read-only fields display detailed information about the certificate. |
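The path evaluation described in the Certification Path and Enable X.509v3 CRL Distribution Points and OCSP checking rows, as a simplified model added here for illustration; it is not taken from this guide or from the NXC firmware. It assumes certificates are linked by issuer and subject name, omits signature verification, and treats a set of revoked serial numbers as the answer a CRL or OCSP server would give; all class, function and sample names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # constructed stand-in for an X.509 certificate
    subject: str
    issuer: str
    serial: int
    not_after: datetime

@dataclass(frozen=True)
class TrustedCA:  # one imported trusted certificate plus its Edit-screen setting
    cert: Cert
    revocation_check: bool = False    # the "Enable ... checking" check box
    revoked: frozenset = frozenset()  # serials the CRL/OCSP server reports revoked

def build_path(end_entity, intermediates, trusted):
    """Follow issuer names from the end entity up to an imported trusted CA."""
    by_subject = {c.subject: c for c in intermediates}
    path = [end_entity]
    while path[-1].issuer not in trusted:
        parent = by_subject.get(path[-1].issuer)
        if parent is None or parent in path:
            return None  # no route to a trusted certificate
        path.append(parent)
    path.append(trusted[path[-1].issuer].cert)
    return path

def evaluate(end_entity, intermediates, trusted, now):
    """Return (status, subjects on the path) for the modelled read-only field."""
    path = build_path(end_entity, intermediates, trusted)
    if path is None:
        return "Not trusted", []
    names = [c.subject for c in path]
    for cert in path:
        ca = trusted.get(cert.issuer)
        if cert.not_after <= now:
            return "Not trusted", names  # expired certificate on the path
        if ca and ca.revocation_check and cert.serial in ca.revoked:
            return "Not trusted", names  # revoked, and the signing CA has checking on
    return "Trusted", names

# Constructed sample data (not from the guide): the sub CA's serial 7 is revoked.
NOW, PAST, FAR = (datetime(y, 6, 1, tzinfo=timezone.utc) for y in (2024, 2020, 2030))
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", 1, FAR)
SUB = Cert("CN=Example Sub CA", "CN=Example Root CA", 7, FAR)
LEAF = Cert("CN=ap01.example.test", "CN=Example Sub CA", 42, FAR)
def trusted_store(check):
    return {ROOT.subject: TrustedCA(ROOT, check, frozenset({7}))}
```

In this model, `evaluate(LEAF, [SUB], trusted_store(False), NOW)` reports the path as trusted because the revocation data is never consulted, while `trusted_store(True)` rejects the same path.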