IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Possible operations
Search bar
Enter the name of the particular certificate or CA you are looking for if it exists.
The search field will list all certificates and CAs with names that correspond to the keywords entered.
Example
If you type “a” in the search bar, the list below it will show all certificates containing an “a”.
Filter
This button allows you to select the type of certificate to display and to view only items that are relevant to you. A drop-down menu offers the following choices:
- "Filter: All": displays in the list on the left all existing authorities, identities and certificates,
- "Filter: Certification authorities": displays in the list on the left all authorities and sub-authorities,
- "Filter: User certificates": displays in the list on the left only user certificates and the authorities on which they depend,
- "Filter: Server certificates": displays in the list on the left only server certificates and the authorities on which they depend,
- "Filter: Smart card certificates": displays in the list on the left only smart card certificates and the authorities on which they depend,
Add
Add various items to the PKI with this button:
- Root authority,
- Sub-authority,
- User certificate,
- Smart card certificate,
- Server certificate,
And Import a file containing items from the above categories.
For further information on these operations, refer to the sections Adding a root authority, Adding a sub-authority, Adding a user certificate, Adding a smart card certificate, Adding a server certificate and Importing a file.
Refer to the section Allowed names to find out which characters are allowed and prohibited in various fields.
Delete
Use this button to remove an authority, sub-authority or certificate from the PKI.
For further information on these operations, refer to the section Deleting a root authority, sub-authority or certificate.
Action
This button performs actions in the left column. Select an authority, sub-authority or certificate from the list and click on Action.
The possible actions vary according to the type of object selected in the list on the left:
Authority or sub-authority
| Create or renew a CRL | A CRL (Certificate Revocation List) is a list of certificate IDs that have been revoked or are no longer valid and are no longer trustworthy. The certification authority signs this list in order to prevent it from being modified by unauthorized parties. This action makes it possible to create or renew a CRL for the selected CA or sub-CA. Enter the password that protects the authority, and then click on Create or renew a CRL. |
| Remove the CRL | This action allows deleting the CRL for the selected CA or sub-CA. Note |
| Set as default | This action makes it possible to define the certification authority used by default on the firewall. |
Certificate
| Delete private key | This action allows deleting a certificate’s private key. When the certificate is used in the firewall’s configuration, you will be asked to confirm the deletion. It will then be possible to:
Note |
| LDAP publication | This action allows publishing a user’s certificate in the LDAP directory. For more information on this action, refer to the section Publishing a certificate in the LDAP directory. |
Download
With this button, you can download:
- Certificates of authorities and sub-authorities,
- CRLs of authorities and sub-authorities,
- User certificates, smart card certificates and server certificates.
For further information on these operations, refer to Downloading a certificate from an authority or sub-authority, Downloading a user, smart card or server certificate and Downloading a CRL.
Check usage
You can look for the features or modules that use the selected certificate, CA of sub-authority selected.