6.8.1. Procedure – Generating certificates for PSM

Purpose: 

Create a new certificate for the PSM webserver or the Timestamping Authority using the internal CA of PSM, or create a new, self-signed CA certificate for the internal Certificate Authority of PSM.

Balabit recommends using 2048-bit RSA keys (or stronger).

Steps: 

  1. Navigate to Basic Settings > Management > SSL certificate.

  2. Fill the fields of the new certificate:

    1. Country: Select the country where PSM is located (for example HU - Hungary).

    2. Locality name: The city where PSM is located (for example Budapest).

    3. Organization name: The company who owns PSM (for example Example Inc.).

    4. Organization unit name: The division of the company who owns PSM (for example IT Security Department).

    5. State or Province name: The state or province where PSM is located.

  3. Select the certificate you want to generate.

    • To create a new certificate for the PSM web interface, select Generate Server.

    • To create a new certificate for the Timestamping Authority, select Generate TSA.

    • To create a new certificate for the internal Certificate Authority of PSM, select Generate All. Note that in this case new certificates are created automatically for the server and TSA certificates as well.

    Note

    When generating new certificates, the server and TSA certificates are signed using the certificate of the CA. If you have uploaded an external CA certificate along with its private key, it will be used to create the new server and TSA certificates. If you have uploaded an external CA certificate without its private key, use your external PKI solution to generate certificates and upload them to PSM.

    Warning

    Generating a new certificate automatically deletes the earlier certificate.

  4. Click .