Managing Internal Keybindings
The following provides information about how to manage Internal Keybindings.
For more information about the concepts of Internal Keybindings, see Internal Keybindings Overview.
Actions
The following actions are available from the Internal Key Bindings Overview page (System Functions > Internal Key Bindings):
|
Option |
Description |
|
Enable/Disable |
Marks the Internal Key Binding as Active/Disabled. Only Active ones will be used and processed by health-check. |
|
Delete |
Removes the Internal Key Binding, but will not remove the referenced key pair or certificates. |
|
New keys |
Generates a new key pair in the referenced Crypto Token using the same key specification as the current key has and an alias derived from the current alias. |
|
CSR |
Creates a Certificate Signing Request using the next key pair (or current key pair when no next key pair exists). |
|
Update |
Searches the database for the latest issued matching certificate for the next key pair (or current key pair when no next key pair exists) by using SubjectKeyId. |
|
Renew |
When the CA that issued the current certificate is active and resides in the same instance, this will create a new certificate using the same End Entity as the last one was issued with. If a next key pair exists, that key pair will be used. |
Workflows
Setting up an Authentication Key Binding
Authentication keybindings are used to establish mutual TLS, from the upstream node to the downstream node. Thus the Authentication Key Binding needs to be established on the upstream node (commonly the CA) and the signing CA (commonly the Management CA) needs to be recognized on the downstream node (commonly a VA or RA).