To use HTTPS/SSL, not only an SSL key pair is required on the Management Unit, but also a (digital) SSL certificate. This server certificate performs the following two tasks:

• The certificate is always system-specific (contains the FQDN) and proves the online identity of the system concerned for the browser on the administration PC.

• The certificate provides the public key with which the browser encrypts its messages to the server on the administration PC.

A self-signed, system-specific certificate which was generated on the system is preinstalled as the standard certificate on each Management Unit.

You can also use other certificates instead of the preinstalled self-signed certificate. The following options are available:

• Use of a self-signed certificate

  A certificate of this type is preinstalled on the system as the standard certificate. It must be explicitly confirmed or imported on any browser with which the SE Manager operates.

• Use of a customer-specific certificate (signed by a customer CA)

  If the customer-specific policy specifies the use of such a certificate, it can simply be installed.

  The certificate is as a rule derived from a customer-specific root certificate. Such a certificate is known to the browsers the customer uses and is accepted without an inquiry (i.e. without being confirmed or imported).

• Use of a commercial certificate (signed by a root CA)

  A certificate of this type is created for a fee by a trusted root certification authority (CA) and is therefore known to all browsers. Consequently every browser accepts such certificates without an inquiry.