Application Delivery Controller
Certificate Management

Certificate management

Introduction - Digital certificates and keystore

Digital certificates

A digital certificate binds a public key to an identity, typically the host name of a server, and is used together with the private key that was generated with it. The certificate, and the public key inside it, is freely sent from the server to any software that needs it, for example browsers; the private key never leaves the server and is kept secret, usually encrypted under a password inside a keystore. During the TLS handshake the server proves possession of the private key, which lets the client authenticate it and set up an encrypted session.

Digital certificates are usually signed by a Certification Authority (CA), which vouches that the public key belongs to the subject named in the certificate. Software that trusts the CA can then be sure that the holder of the private key is who the certificate says it is.

A certificate not signed by any authority is said to be self-signed. Communication between client and server is still encrypted, but since no trusted CA vouches for the certificate, clients reject it or show a warning unless it has been explicitly trusted. Self-signed certificates are adequate for testing, not for public services.

With Oplon you can automatically generate self-signed certificates, generate Certificate Signing Requests (CSRs), which authorities require in order to sign a certificate, or obtain valid certificates automatically through the ACME protocol.

Keystore

Keystores are password-protected files that contain private keys and digital certificates. A single keystore can hold one or more certificates. Certificates within the same keystore must have the same private key password, the so-called password alias.

Oplon supports the PKCS12, PFX and JKS keystore formats.

Keystores

To access the Keystore management form:

Main Menu > Files > Keystores

Delete an existing keystore

Copy an existing keystore to another node

Import a keystore

Export a keystore

Edit/view the contents of a keystore

Create a new keystore

When you copy, import or create a keystore, you are prompted for the target node. When creating, you must enter the name of the new keystore and its password. To edit or view the contents of a keystore, you must enter the password chosen when it was created. Use "defaultpwd" as the password for the keystores preinstalled in Oplon; since that password is the same on every installation, the preinstalled keystores are only suitable as examples and should not hold production certificates.

Digital certificates

To access the certificate management form contained in the keystore:

Main Menu > Files > Keystores

Select the keystore and press the edit button.

Enter the keystore password.

(use "defaultpwd" as the password for the keystores preinstalled and provided as examples)

Delete an existing certificate

Create a new certificate

Generate a certification request (CSR) for a CA

Import CA response

Save changes to the keystore

Request a certificate from Let's Encrypt via the ACME protocol

Export a certificate

Import a certificate

Creating a new certificate

The data required when creating a certificate is:

  1. Common name: the domain name of the certificate (required).

  2. Subject alternative names: a list of any other domains for which the certificate is valid. Modern browsers match the host name against this list rather than the common name, so repeat the common name here as well.

  3. Organisation unit (OU): organizational unit.

  4. Organization: company name.

  5. Locality: city of the organization.

  6. State: state or province.

  7. Country: two-letter country code, for example IT for Italy.

  8. Mail: contact email address.

  9. Duration days: validity period of the certificate (default 365 days).

  10. Password alias: password protecting the private key (required). All certificates within the same keystore must use the same password.

Certification request.

Generating a CSR produces a Base64-encoded (PEM) text that the certification authority needs in order to sign the certificate. The CSR carries the public key and the subject data, never the private key. It is sent to the certification authority, which responds with a similar text, the CA reply, which must then be imported into the certificate.
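The creation fields and the CSR step, reproduced with the openssl command line as an added example. This is not Oplon's own tooling; the domain, organisation and password values are assumed. It builds the same kind of PKCS12 keystore Oplon holds, generates a CSR from the key inside it, and runs the checks worth doing before the CSR goes to a CA:

```shell
#!/bin/sh
# Added example: the "Create a new certificate" form fields and the
# "Certification request" step done with the openssl CLI, so the result can
# be inspected before it is uploaded to the appliance. Not Oplon's tooling.
# Assumed values: www.example.com, "Example S.r.l.", password "changeit".
set -eu

WORK="$(mktemp -d)"
KS="$WORK/oplon-demo.p12"          # the keystore (PKCS12/PFX)
PW="changeit"                      # keystore password == password alias
ALIAS="www.example.com"            # alias of the certificate inside the keystore

# Subject built from the form fields Country, State, Locality, Organization,
# Organisation unit, Common name and Mail (all assumed values).
SUBJ="/C=IT/ST=Lazio/L=Roma/O=Example S.r.l./OU=IT/CN=www.example.com/emailAddress=admin@example.com"
# Subject alternative names: the common name is repeated, browsers only look here.
SANS="DNS:www.example.com,DNS:example.com"
DAYS=365                           # Duration days

# 1. New private key + self-signed certificate ("Create a new certificate").
openssl req -x509 -newkey rsa:2048 -nodes -days "$DAYS" -subj "$SUBJ" \
    -addext "subjectAltName=$SANS" \
    -keyout "$WORK/key.pem" -out "$WORK/selfsigned.pem" 2>/dev/null

# Pack key + certificate into the keystore. A PKCS12 file has one password
# for the container and the keys in it, which is why every alias in an Oplon
# keystore must share the same password alias.
openssl pkcs12 -export -name "$ALIAS" -inkey "$WORK/key.pem" \
    -in "$WORK/selfsigned.pem" -out "$KS" -passout "pass:$PW"

# 2. CSR for the key held in the keystore ("Generate certification request").
# Only the public key and the subject go into the CSR; the private key stays put.
openssl pkcs12 -in "$KS" -passin "pass:$PW" -nocerts -nodes 2>/dev/null \
    > "$WORK/key-from-keystore.pem"
openssl req -new -key "$WORK/key-from-keystore.pem" -subj "$SUBJ" \
    -addext "subjectAltName=$SANS" -out "$WORK/request.csr"

# Checks worth running before the CSR leaves for the CA.
csr_verify()    { openssl req -in "$WORK/request.csr" -noout -verify >/dev/null 2>&1; }
csr_cn()        { openssl req -in "$WORK/request.csr" -noout -subject -nameopt RFC2253 \
                  | sed -n 's/.*CN=\([^,]*\).*/\1/p'; }
csr_san_count() { openssl req -in "$WORK/request.csr" -noout -text \
                  | grep -o 'DNS:[^,[:space:]]*' | wc -l | tr -d ' '; }
csr_has_key()   { grep -q 'PRIVATE KEY' "$WORK/request.csr"; }   # must never be true
# And on the keystore itself: the alias is present and the password is enforced.
keystore_alias() { openssl pkcs12 -in "$KS" -passin "pass:$PW" -nokeys -clcerts 2>/dev/null \
                   | sed -n 's/^[[:space:]]*friendlyName: //p'; }
keystore_opens() { openssl pkcs12 -in "$KS" -passin "pass:$1" -noout 2>/dev/null; }

printf 'CN=%s SANs=%s alias=%s\n' "$(csr_cn)" "$(csr_san_count)" "$(keystore_alias)"
cat "$WORK/request.csr"            # the Base64 text to hand to the CA
```

The CSR printed at the end is the text to paste into the CA's request form; the private key is only ever read back out of the keystore, never sent.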

Import CA Reply.

You can import the CA reply directly into the certificate. The CA reply must contain the public certificates of all CAs involved in the signing process, that is the issuing CA and any intermediate CAs up to the root; a reply missing an intermediate certificate produces a chain that clients cannot validate.

Acme Certification Request.

Through the ACME protocol, the certification request is generated and the CA reply imported automatically. The ACME CA issues the certificate only after validating control of the requested domain names.

Export

Exports the certificate to PKCS12/PFX or PEM format. For PKCS12/PFX a new password is required, which is used for both the keystore and the alias. Handle the exported file as carefully as the keystore itself, since it can contain the private key.

Import

You can import a certificate in PEM format into the keystore. You will be prompted for a new password alias.
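The CA reply, export and import steps above, reproduced with the openssl command line as an added example (not Oplon's own tooling). Because a real CA is not available offline, a throw-away two-level test CA (root plus issuing CA) is constructed here to produce the reply; the domain and the passwords "changeit" and "newsecret" are assumed. It shows the full-chain requirement on the CA reply, including the failure when the intermediate is left out, and the password change that happens on a PKCS12 round trip:

```shell
#!/bin/sh
# Added example: the "Import CA reply", "Export" and "Import" steps done with
# the openssl CLI (not Oplon's tooling). A throw-away two-level test CA is
# constructed so the round trip runs offline; in production the CA reply comes
# from the real authority. Assumed: www.example.com, "changeit", "newsecret".
set -eu

WORK="$(mktemp -d)"; cd "$WORK"
ALIAS="www.example.com"; PW="changeit"; NEWPW="newsecret"
KS="$WORK/oplon-demo.p12"; KS2="$WORK/reimported.p12"

# Extension profiles for the constructed test CA (a real CA applies its own).
cat > ext.cnf <<'EOF'
[ ca_ext ]
basicConstraints       = critical,CA:TRUE
keyUsage               = critical,keyCertSign,cRLSign
subjectKeyIdentifier   = hash
[ leaf_ext ]
basicConstraints       = CA:FALSE
keyUsage               = critical,digitalSignature,keyEncipherment
extendedKeyUsage       = serverAuth
subjectAltName         = DNS:www.example.com,DNS:example.com
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF

# Constructed test CA: self-signed root, issuing CA signed by the root.
openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
    -subj "/O=Example Test PKI/CN=Test Root CA" 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 3650 \
    -extfile ext.cnf -extensions ca_ext -out root.pem 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj "/O=Example Test PKI/CN=Test Issuing CA" 2>/dev/null
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 1825 -extfile ext.cnf -extensions ca_ext -out inter.pem 2>/dev/null

# The server side: key + CSR, as produced by "Generate certification request".
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/O=Example S.r.l./CN=www.example.com" 2>/dev/null
# The issuing CA signs it and returns the CA reply: leaf + every CA certificate.
openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 365 -extfile ext.cnf -extensions leaf_ext -out leaf.pem 2>/dev/null
cat leaf.pem inter.pem root.pem > ca-reply.pem

# "Import CA reply": the reply must carry the full chain, and it must validate.
reply_cert_count() { grep -c 'BEGIN CERTIFICATE' ca-reply.pem; }
reply_chain_ok()   { openssl verify -CAfile root.pem -untrusted ca-reply.pem leaf.pem >/dev/null 2>&1; }
# Failure mode: the same leaf without the intermediate cannot be validated.
reply_missing_intermediate_ok() { openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1; }

# Key + reply go into the keystore under one alias and one password.
openssl pkcs12 -export -name "$ALIAS" -inkey leaf.key -in ca-reply.pem \
    -out "$KS" -passout "pass:$PW"

# "Export" to PEM: the private key plus the whole chain, so guard the file.
openssl pkcs12 -in "$KS" -passin "pass:$PW" -nodes -out export.pem 2>/dev/null
chmod 600 export.pem
# "Import" the PEM into a fresh keystore; a new password alias is chosen.
openssl pkcs12 -export -name "$ALIAS" -in export.pem -out "$KS2" -passout "pass:$NEWPW"

keystore_opens()      { openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null; }
keystore_cert_count() { openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
                        | grep -c 'BEGIN CERTIFICATE'; }
# The key in the keystore must be the one the certificate was issued for.
keystore_key_matches_cert() {
    k=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null)
    c=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

The two verify calls are the check to run on a reply before importing it: if the leaf only validates with the intermediate supplied separately, the reply is incomplete and clients that do not already hold that intermediate will fail the handshake.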

The Save and Reset Signal Links panel notifies you of any operations that must still be performed for the changes to take effect.

Save and Reset Signal Links