Certificate Signing Options
UMS supports three options for ICG certificate signing:
Use UMS to run your own private CA and use it for signing ICG certificates. Advantages: Free of charge, independent Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG, no advanced PKI management features Import the root certificate and private key of your existing private CA into UMS, and use the certificate to sign a certificate for ICG. Advantages: Free of charge Disadvantages: Client users have to check the CA certificate fingerprint when first connecting to ICG. You may not want to save your CA private key in a networked application such as UMS, and it may be difficult to synchronize it with your main private CA. Import the root certificate of a publicly known CA into UMS, and an ICG certificate signed by it. Advantages: If the CA is one of the approximately 170 that are supported by IGEL OS, users will not need to check the certificate fingerprint at all. Disadvantages: Cost. You will not be able to sign certificates yourself.