Key Generation and Certificate Signing Request

SSL protocol encryption and data-level encryption are both based on Public Key Infrastructure (PKI), which uses public-private key pairs for asymmetric cryptography. Generating such a key pair and issuing a certificate signing request (CSR) are the initial steps for enabling privacy. Learn how to generate keys in Forum Sentry without requiring command-line toolkits such as openssl. These key pairs can then be consumed by SSL or content encryption policies to secure XML, HTML, SOAP and JSON over a variety of protocols.

After you log in to the web-based Forum Sentry administrative interface, expand Resources in the left-hand navigation panel and select Keys. A simple wizard will walk you through the key generation process.


In the figure above, an RSA key with a 4096-bit key size is selected for generation. A key size of 2048 bits or higher is recommended for SSL and content-level encryption. A larger key size provides greater security, but it requires more processing power, especially for private key operations such as data decryption.


Administrators can simply add Identifying Information and specify the validity duration for the certificate. Admins have the option of generating a self-signed certificate or enrolling with a CSR. A self-signed certificate is convenient for testing and prototyping; otherwise, it is strongly recommended to enroll with a CSR or to use the local Certifying Authority (CA) key pair to sign the generated certificate.