A self-signed certificate contains a public key, information about the owner of the certificate, and the owner's signature. It has an associated private key, but it does not verify the origin of the certificate through a third-party certificate authority.
To achieve the highest level of authentication between critical software components, do not use self-signed certificates, or use them selectively.
A certificate on the client must be associated with the Server in order to initiate an SSL connection. When you are administering the Server on the local computer, you can create certificates using the Certificate Creation Wizard (click Tools, then click Certificate Creation Wizard) or import your own. There are three types of files associated with an SSL certificate key pair:
Private key file (.key) - The private key should never be distributed to anyone. It is used to decrypt the session, which is encrypted by the public key.
Certificate request file (.csr) - Each time you create a certificate using the Server, a certificate request file is also created. This file can be signed by the Server's Certificate Signing Utility or sent to an intermediate certificate authority, such as GeoTrust, for signing.
Certificate file (.crt) - This is a signed certificate, whether self-signed or signed by an intermediate certificate authority.
For maximum compliance with security standards, you should use a trusted authority-signed SSL certificate. You can import certificates or use this wizard to create your own. The private key (.key) and certificate request (.csr) files are created at the same time. You are prohibited from creating certificates for the Server while remotely administering the Server because this action can create a security breach. Any certificates you create remain on the computer on which you created them, unless you take special steps to deliver and associate these files with another computer.
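The relationship between the three files can be checked from a shell with the OpenSSL command-line tool. The following is an added example, not part of the Server or its wizard: it creates an unencrypted key and request together, self-signs the request, then confirms that all three files carry the same public key and that the certificate's issuer is its own subject. The file names, the subject name and the function names are assumptions made for the illustration.

```shell
# Added example; file names and the subject CN are constructed for illustration.
# SHA-256 of the public key carried by a .key, .csr or .crt file.
pubkey_digest() {
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file: fail instead of hashing nothing
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if key, request and certificate belong to the same key pair.
triple_matches() {
    k=$(pubkey_digest key "$1")
    r=$(pubkey_digest csr "$2")
    c=$(pubkey_digest crt "$3")
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Name-based check: a self-signed certificate names itself as its issuer.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Create .key and .csr in one step, then self-sign the request to get the .crt.
make_triple() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 30 \
        -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1/server.key"   # the private key stays readable by its owner only
}

work=$(mktemp -d)
make_triple "$work"
triple_matches "$work/server.key" "$work/server.csr" "$work/server.crt" \
    && echo "key, request and certificate share one public key"
is_self_signed "$work/server.crt" \
    && echo "issuer equals subject: no third-party certificate authority vouches for it"
rm -rf "$work"
```

Running `is_self_signed` against a certificate returned by a certificate authority fails, because the issuer is then the authority rather than the certificate's owner.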
Using the Certificate Creation Wizard
Generating an Unencrypted Private Key and Self-Signed Public Certificate
Generating an Encrypted Private Key and Self-Signed Public Certificate
Generating a PKCS#12 Private Key and Public Certificate
Converting a PEM-Encoded PKCS#8 Format Encrypted Private Key to PKCS#8 Format
Converting a Traditional PEM-Encoded Encrypted Private Key to PKCS#8 Format
Converting an Incompatible PKCS#12 Format File to a Compatible PKCS#12