Sign a certificate
A certificate may only be published in a device after it has been signed by a certification authority.
Since the signature is a trustworthy establishment that guarantees that the device is in fact who it says it is.
After making the request as explained in the previous chapter and the request changes to the status Generated, the option to request a subscription can be made.
A certificate may be self-signed or signed by a certificate authority.
self-signed: A self-signed certificate is recommended for devices that will only communicate with others who are on the same network, who in other words know each other and therefore trust each other. Thus one recognizes the other's signature as valid.
Signed by a certificate authority: Authority-signed certificates are recommended for devices that will communicate with others outside your network since they do not have an established trust relationship with your device and will trust the signature of an authority (known and proprietary) that says the device is who it says it is.
To do so, access the requisition form: Certificates ➔ Requests and search for the certificate you want to sign and confirm that it has been generated in the status column, then follow the instructions:
Click on the Action button of the certificate you wish to sign and select the Request Signature option.
On the form select whether the certificate will be self-signed or No (the signature will be made by a certification authority)
If the answer is No, select from the options the certification authority that will sign the certificate.
In the field Reason describe why you want to sign the certificate
Then select the Reason from the certificate signature and finally click Save.
If the user requesting the signature is in a group that needs approval, the certificate will only be signed after approval by one of the group's approving users.
When the certified authority signs the certificate it will be displayed in the certificate report: Certificates ➔ Certificates.