Issuing a new Root Certification Authority

1. Log in to the Stream Administration Interface.

2. Go to Create a new CA from the menu on the left.

3. Input your CA’s internal name and manage the DNs that you’d want to add (using the add_dn button on the top right corner) or to remove (using the remove_ca icon).

4. Select the Keystore that contains the key you want to use to generate this CA, then select the key that you want to use. If you do not have a keystore set up yet, please refer to the Managing Keystores & Keys section.

5. Select Selfsigned as a signing method, and pick the hash algorithm of your choice.

6. Set the lifetime of your CA in days. Optionally, you can set up a backdate and a path length. Once you are done, click "Add".

7. You can directly configure your CA from this menu, by turning on or off enrollment, trusting the CA for client authentication or server authentication or enforcing key unicity. Once you’re satisfied with your settings, click "Add".

If everything was ok, your should see your CA marked as managed on a new trust chain if you go to Certification Authorities > Trust chains:

Stream Trust Chain Menu