.. _sso-certificate-management:


.. rst-class:: chapter-with-expand

SSO Certificate Management
--------------------------

Use this procedure to create a self-signed or third-party-signed system certificate
to use when setting up Single Sign-On (SSO) on the web proxy node on VOSS Automate.

.. note::

   * Web server certificate management is carried out on the VOSS Automate command line.
     Refer to the CLI documentation for details.
   * During customer onboarding, SSO certificate creation is customer specific.


**Procedure**

1. Log in as system administrator.
#. Choose **Single Sign On > Certificate Management**.
#. Click **Add**.
#. On the **Base** tab, enter a **Name** and **Description** for the certificate.

   * For a self-signed certificate, leave the **Generate Certificate Signing
     Request** check box clear.
   * For a third-party-signed certificate, select the **Generate Certificate
     Signing Request** check box.
     
#. For a self-signed certificate, control when the certificate is valid
   by changing the Valid From and Valid To fields. These are measured in
   seconds and default to 0 (now) and 315360000 (10 years), respectively.
#. (Optional) Change the **Key Length** from the default of 1024.
#. Click the **Certificate Information** tab, and complete all mandatory fields
   (see **Certificate Management** fields).
#. Click **Save**.
#. If you created a self-signed certificate you are done. If you requested a
   third-party-signed certificate, continue to the next step.
#. Click the certificate you just created.
#. Choose **Action > Export Certificate Request**.
#. Follow your organization's procedures to obtain the third-party signature for
   the certificate.
#. Click the certificate.
#. Choose **Action > Upload Signed Certificate**.
#. Browse to the signed certificate and click **OK**.


Certificate Management Fields
.............................

.. tabularcolumns:: |p{4cm}|p{6cm}|

+---------------------+------------------------------------+
| Field               | Description                        |
+=====================+====================================+
| Common Name \*      | Enter the FQDN for your server.    |
+---------------------+------------------------------------+
| Country Code \*     | A two-digit country code           |
+---------------------+------------------------------------+
| State \*            | An appropriate country subdivision |
+---------------------+------------------------------------+
| City \*             | Your city                          |
+---------------------+------------------------------------+
| Organization \*     | Your organization                  |
+---------------------+------------------------------------+
| Organization Unit \*| Your organization subunit          |
+---------------------+------------------------------------+