To ensure that the certificate and public ID of the system are valid and secure, each system has a digital Secure Sockets Layer (SSL) certificate.
During system setup, an initial certificate is created to use for secure connections between web browsers. Based on the security requirements for your system, you can create either a new self-signed certificate or install a signed certificate that is created by a third-party certificate authority. Self-signed certificates are generated automatically by the system and encrypt communications between the browser and the system. Self-signed certificates can generate web browser security warnings and might not comply with organizational security guidelines.
Signed certificates are created by a third-party certificate authority. These certificate authorities ensure that certificates have the required security level for an organization based on purchase agreements. Signed certificates usually have higher security controls for encryption of data and do not cause browser security warnings.
Before creating a request for either type of certificate, ensure that your current browser does not have restrictions on the type of keys used for certificates. Some browsers limit the use of specific key-types for security and compatibility issues.
To manage the SSL certificate that is installed on a system, use either the svctask chsystemcert command-line interface (CLI) command or click in the management GUI to do the following tasks: