You should use a server certificate, also known as a leaf certificate, that is: Issued by a CA (internal or public), Signed with the private key of the CA (root or intermediate),Has proper Key Usage and Extended Key Usage fields for server authentication and Valid for your hostname (CN/SAN)
¶ If You Run Your Own CA (e.g., Artica, OpenSSL, AD CS):
- Use the root certificate to sign an intermediate certificate
- Use the intermediate certificate to sign your server certificates
- Distribute the root certificate only to trusted clients (browsers, systems )
¶ Create a Server Certificate using the Certificate center
On the left menu select the certificate with the mention “Root certificate”
- Select the Secondary Certificates tab.
- Click on the New server certificate button
- The most important part of the form is Alternative names: set all hostnames you will have to use around SSL services.
- Click on Create button
- Your server certificate is available in the list and you will be able to use it on all SSL services managed by Artica.
