Creating Self-Signed Certificates in Key Manager Plus

Key Manager Plus allows administrators to create their own self-signed certificates using Java keytool. These certificates are automatically imported into the Key Manager Plus repository on successful creation.

To create a self-signed certificate using Key manager plus:

  1. Navigate to the SSL >> Certificate tab in the GUI.
  2. Click the Create button.
  3. Enter the details of the organization and certificate validity, and select the Key Algorithm and Key Size, Signature Algorithm, and enter a key Store Password in the create certificate tab.
  4. Choose the Validity Type as Days and specify the number of days for which the certificate will be valid.
  5. To create an ephemeral certificate with limited validity period, choose the Validity Type as Hours or Minutes and provide the validity period. The certificate will expire after the specified time (this option is applicable from build 5850 onwards).
  6. Mention the email address to which the 
  7. You can denominate the certificate to be generated as a root certificate by enabling the Generate root certificate check-box. 
  8. To add optional properties to the new certificate, click Advanced Options to expand the menu. Here, there are two categories of options, Key Usage and Extended Key Usage. Select the required options to set the preferred flags for the certificate to denote the purpose for which the new certificate may be used. The Key Usage options include Non Repudiation, Digital Signature, Data or Key Encipherment, Server/Client Authentication etc. You can choose the properties and mark them as critical by selecting the Critical checkbox.
  9. Click the Create button. You will be redirected to the certificate window where the certificate content is displayed.
  10. You can copy the certificate content, or export the certificate to required email or system.
    1. Email – Select this check box to send the certificate file via email to the specified mail id.
    2. Export – Select this check box to export the file to your system.
  11. Both the options take effect once you click the Save button.
  12. Click the Save button to save the certificate in the Key Manager Plus repository, and export the certificate file, if opted in earlier step.

(Applicable from build 5920 onwards)


Apart from having a wildcard certificate name in the Common Name field, you can add the wildcard name in the SAN field while creating a self-signed certificate. With wildcard certificates, one can secure an unlimited number of subdomains for a registered base-domain.

For example, consider the base-domain, a wildcard certificate for * can secure The asterisk (*) is the wildcard that corresponds to any valid subdomain.