Certificate Signing Options

UMS supports three options for ICG certificate signing:

• Use the UMS to create a CA and sign ICG certificates.
  • Advantages: Free of charge, independent
  • Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG, no advanced PKI management features
• Import the root certificate and private key of your existing private CA into UMS, and use the certificate to sign a certificate for ICG.
  • Advantages: Free of charge
  • Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG. You may not want to save your CA private key in a networked application such as UMS, and it may be difficult to synchronize it with your main private CA.
• Import the root certificate of a publicly known CA into UMS, and an ICG certificate signed by it.
  • Advantages: If the CA is one of the approximately 170 that are supported by IGEL OS, users will not need to check the certificate fingerprint at all.
  • Disadvantages: Cost. You will not be able to sign certificates yourself.