HTTPS Certificate Tab

Administration > General Settings > Setup > HTTPS Certificate

On this tab, you can view the HTTPS server certificate for each appliance. To edit, add, or assign an end entity certificate for a specific appliance, click the edit icon next to the appliance for which you want to add a certificate.

HTTPS Certificate Dialog Box

In this dialog box, you select the type of certificate to use with the appliance. By default, EdgeConnect appliances present a self-signed server certificate to any client that opens a TLS connection to the appliance web UI. To secure the connection, TLS clients cryptographically verify that a trusted Certificate Authority (CA) issued the EdgeConnect certificate. If you keep the default option, Self-Signed Certificate, browsers flag the connection as not secure because no trusted CA issued the certificate; most enterprise IT departments do not allow this. Enterprises that intend to use the EdgeConnect web UI directly must set up an HTTPS server certificate for their EdgeConnect appliances. However, it is highly recommended to perform all configuration through Orchestrator.

There are three ways to set up an HTTPS server certificate for EdgeConnect appliances.

  • Use an EST server and globally orchestrated end entity profiles to automate certificate enrollment. This is the recommended option. For more information about this method, see End Entity Certificates.

    NOTE: Configuration for this method is not done on this tab.

  • Manually create a Certificate Signing Request (CSR) in Orchestrator. As part of this process, Orchestrator creates the public/private key pair. The user downloads the CSR and submits it for signing by a Certificate Authority (CA). The signed certificate is then uploaded to Orchestrator for use in one of several applications. The end entity certificate contains a label, which is significant to Orchestrator and allows the certificate to be used by referring to its label. You must repeat this process for each EdgeConnect appliance.

    To use an end entity certificate obtained by manually creating a CSR in Orchestrator:

    NOTE: To use an end entity certificate, you must first create an end entity certificate for use. To do this, see End Entity Certificates Tab.

    NOTE: This must be performed one appliance at a time.

    1. Navigate to Administration > General Settings > Setup > HTTPS Certificate.

    2. Click the edit icon next to the appliance for which you want to add a certificate.

    3. Click End Entity Certificate and then select the end entity certificate from the drop-down menu.

    4. Click Save.

  • Use a Custom Certificate. This requires everything to be done externally, including creating the public/private key pair and creating the CSR. This legacy method is not recommended.

    To use a Custom Certificate (legacy method):

    1. Consult with your IT security team to generate a certificate signing request (CSR), and then submit it to your organization’s chosen SSL Certificate Authority (CA).

      • Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, GeoTrust, and so forth.

      • All certificate and key files must be in PEM format.

    2. After the Certificate Authority provides a CA-verified certificate, navigate to Administration > General Settings > Setup > HTTPS Certificate.

    3. Click the edit icon next to the appliance for which you want to add a certificate.

    4. Click Custom Certificate, and then click Upload and Replace.

      The Add HTTPS Certificate dialog box appears.

    5. If your IT security team advises the use of an Intermediate CA, upload an Intermediate Certificate File. Otherwise, skip this file.

    6. Upload the Certificate File from the CA.

    7. Upload the Private Key File that was generated as part of the CSR.

    8. Click Add to close the Add HTTPS Certificate dialog box.

    9. Click Save.
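
A pre-upload check for the legacy Custom Certificate procedure above, as an added example that is not part of the HPE documentation: it creates the key pair and CSR with the openssl CLI, then confirms that the files are PEM, that the private key matches the certificate, and that the intermediate actually signed it. The host name, file names and RSA 2048 key are assumptions; use what your IT security team specifies.

```shell
#!/bin/sh
# Added example: pre-upload checks for the Custom Certificate files.
# Host name, file names, key type and size are assumptions, not page values.
# Usage: preflight cert.pem key.pem [intermediate.pem]

# new_csr KEY_OUT CSR_OUT FQDN: create an unencrypted RSA key and a CSR whose
# subject CN and subjectAltName both carry the appliance FQDN (browsers match
# the SAN, not the CN).
new_csr() {
    ( umask 077   # private key readable by the owner only
      openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
          -subj "/CN=$3" -addext "subjectAltName=DNS:$3" 2>/dev/null )
}

# is_pem FILE: true when FILE contains a PEM header line. DER and PKCS#12
# files, which are binary, fail this check.
is_pem() {
    grep -q -- '^-----BEGIN [A-Z0-9 ]*-----' "$1"
}

# key_matches_cert CERT KEY: compare the public key inside the certificate
# with the one derived from the private key. Returns 2 if a file cannot be
# read (an encrypted key counts as unreadable instead of prompting).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# issued_by CERT INTERMEDIATE: true when INTERMEDIATE's key signed CERT and
# CERT is within its validity period. -partial_chain lets the intermediate
# act as the trust anchor, so the root certificate is not needed.
issued_by() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# preflight CERT KEY [INTERMEDIATE]: run every check, print one line per
# failure, and return the number of failures (0 means ready to upload).
preflight() {
    fails=0
    for f in "$@"; do
        is_pem "$f" || { echo "not PEM: $f"; fails=$((fails + 1)); }
    done
    key_matches_cert "$1" "$2" || { echo "key does not match: $1"; fails=$((fails + 1)); }
    if [ -n "${3:-}" ]; then
        issued_by "$1" "$3" || { echo "not issued by: $3"; fails=$((fails + 1)); }
    fi
    return "$fails"
}
```

A mismatched private key and a DER-encoded certificate are the two mistakes these checks catch before the Add HTTPS Certificate dialog box is opened.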


© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America