Local Certificates

The ID of the certificate and the Common Name (CN) can be found via (1). The ID should not be confused with the serial number.

Here you can create, import, export, view, and revoke your local certificates. A Certificate Signing Request (CSR) can also be generated. In addition, a CSV report can be created via the context menu, listing the channels in which a certificate is used.

Certificates are automatically invalidated after the expiration of their validity period. If one has reason to believe that this certificate is no longer safe because it has been compromised, it can be revoked through (1) and (2) (if you have admin rights). It will not be deleted, because that would mean the data encrypted or signed with this certificate would no longer be readable. Note: The revocation here is merely a local deactivation of the certificate and is not associated with an official entry in the Certificate Revocation List (CRL) as revoked. A certificate deactivated locally in this way can be reactivated via (1) (set the filter accordingly before).

(3) Sets the 'usage flags', i.e. what the certificate can be used for. See sections Signature, Encryption and Authentication by Client Certificate (as client and/or server).

(4) With these checkboxes the so-called 'critical flags' can be set for the settings in (3). They can be used to request that your communication partner, when importing the certificate, checks whether he supports the settings you made in (3). If he does not, he should discard the certificate. We recommend using the default settings shown here in (4) to avoid that your certificate may be rejected. These settings are correct for almost all cases. Only change them if you really know what you are doing.