Requirements for custom certificates used in Open Single Management Platform
The table below shows the requirements for custom certificates specified for different components of Open Single Management Platform.
Requirements for Open Single Management Platform certificates
Certificate type | Requirements | Comments |
---|---|---|
Common certificate, Common reserve certificate ("C", "CR") | Minimum key length: 2048. Basic constraints:
Extended Key Usage (optional): server authentication, client authentication. | Extended Key Usage parameter is optional. Path Length Constraint value may be an integer different from "None," but not less than 1. |
Web Server certificate | Extended Key Usage: server authentication. The PKCS #12 / PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the The certificate meets the effective requirements of web browsers imposed on server certificates, as well as the current baseline requirements of the CA/Browser Forum. | Not applicable. |
OSMP Console certificate | The PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the The certificate meets the effective requirements of web browsers to server certificates, as well as the current baseline requirements of the CA/Browser Forum. | Encrypted certificates are not supported by OSMP Console. |