UMS supports three options for ICG certificate signing:
-
Use the UMS to create a CA and sign ICG certificates.
-
Advantages: Free of charge, independent
-
Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG, no advanced PKI management features
-
-
Import the root certificate and private key of your existing private CA into UMS, and use the certificate to sign a certificate for ICG.
-
Advantages: Free of charge
-
Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG. You may not want to save your CA private key in a networked application such as UMS, and it may be difficult to synchronize it with your main private CA.
-
-
Import the root certificate of a publicly known CA into UMS, and an ICG certificate signed by it.
-
Advantages: If the CA is one of the approximately 170 that are supported by IGEL OS, users will not need to check the certificate fingerprint at all.
-
Disadvantages: Cost. You will not be able to sign certificates yourself.
-