HTTPS Certificate Tab
Administration > General Settings > Setup > HTTPS Certificate
On this tab, you can view the HTTPS server certificate for each appliance. To edit, add, or assign an end entity certificate for a specific appliance, click the edit icon next to the appliance for which you want to add a certificate.
HTTPS Certificate Dialog Box
In this dialog box, you select the type of certificate to use with the appliance. By default, EdgeConnect appliances present a self-signed server certificate to any client opening a TLS connection to the appliance web UI. To ensure secure communications, TLS clients cryptographically verify that a trusted Certificate Authority (CA) issued the EdgeConnect certificate. If you use the default option, Self-Signed Certificate, browsers will show the connection as not secure; most enterprise IT departments will not allow this. Enterprises must set up an HTTPS server certificate for their EdgeConnect appliances if they intend to use the EdgeConnect web UI directly. However, it is highly recommended to perform all configuration through Orchestrator.
There are three ways to set up an HTTPS server certificate for EdgeConnect appliances.
- Use an EST server and globally orchestrated end entity profiles to automate certificate enrollment. This is the recommended option. For more information about this method, see End Entity Certificates.
  NOTE: Configuration for this method is not done on this tab.
- Manually create a Certificate Signing Request (CSR) in Orchestrator. As part of this process, Orchestrator creates the public/private key pair. The user downloads the CSR and submits it to a Certificate Authority (CA) for signing. The signed certificate is then uploaded to Orchestrator for use in one of several applications. The end entity certificate contains a label, which is significant to Orchestrator and allows the certificate to be used by referring to its label. You must repeat this process for each EdgeConnect appliance.
  To use an end entity certificate obtained by manually creating a CSR in Orchestrator:
  NOTE: To use an end entity certificate, you must first create one. To do this, see End Entity Certificates Tab.
  NOTE: This must be performed one appliance at a time.
  - Navigate to Administration > General Settings > Setup > HTTPS Certificate.
  - Click the edit icon next to the appliance for which you want to add a certificate.
  - Click End Entity Certificate and then select the end entity certificate from the drop-down menu.
  - Click Save.
- Use a Custom Certificate. This requires everything to be done externally, including creating the public/private key pair and creating the CSR. This legacy method is not recommended.
  To use a Custom Certificate (legacy method):
  - Consult with your IT security team to generate a certificate signing request (CSR), and then submit it to your organization’s chosen SSL Certificate Authority (CA).
    - Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, GeoTrust, and so forth.
    - All certificate and key files must be in PEM format.
  - After the Certificate Authority provides a CA-verified certificate, navigate to Administration > General Settings > Setup > HTTPS Certificate.
  - Click the edit icon next to the appliance for which you want to add a certificate.
  - Click Custom Certificate, and then click Upload and Replace.
    The Add HTTPS Certificate dialog box appears.
  - If your IT security team advises the use of an Intermediate CA, upload an Intermediate Certificate File. Otherwise, skip this file.
  - Upload the Certificate File from the CA.
  - Upload the Private Key File that was generated as part of the CSR.
  - Click Add to close the Add HTTPS Certificate dialog box.
  - Click Save.
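For the legacy Custom Certificate method, the key pair and CSR are created outside Orchestrator and three PEM files are uploaded afterwards. The following is an added example, not part of the product documentation: it generates the key and CSR with OpenSSL and checks the files for consistency before upload. It assumes OpenSSL 1.1.1 or later, an unencrypted private key file, and a placeholder hostname; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Hostname and file names are placeholders, not values from the page.

# make_csr HOST DIR: write DIR/key.pem (unencrypted RSA key) and DIR/csr.pem.
# Assumption: RSA 2048 and a single DNS SAN; follow your CA's policy instead.
make_csr() {
    host=$1; dir=$2
    ( umask 077   # keep the private key unreadable to other users
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/key.pem" 2>/dev/null ) || return 1
    openssl req -new -key "$dir/key.pem" -out "$dir/csr.pem" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
}

# is_pem FILE LABEL: true if FILE has a PEM header whose label ends in LABEL.
is_pem() { grep -q -- "^-----BEGIN .*$2-----" "$1"; }

# pubkey_of KIND FILE: print the public key held in a key, CSR or certificate.
pubkey_of() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout -passin pass: ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# preflight CERT KEY [INTERMEDIATE]: returns 0 if the files are consistent,
# 1 = not PEM or unreadable, 2 = key mismatch, 3 = wrong intermediate.
preflight() {
    cert=$1; key=$2; inter=${3:-}
    is_pem "$cert" "CERTIFICATE" || { echo "certificate file is not a PEM certificate" >&2; return 1; }
    is_pem "$key" "PRIVATE KEY" || { echo "key file is not a PEM private key" >&2; return 1; }
    k=$(pubkey_of key "$key") && c=$(pubkey_of cert "$cert") || return 1
    [ "$k" = "$c" ] || { echo "certificate does not match private key" >&2; return 2; }
    [ -n "$inter" ] || return 0
    is_pem "$inter" "CERTIFICATE" || { echo "intermediate is not a PEM certificate" >&2; return 1; }
    # Name comparison only (issuer of CERT vs subject of INTERMEDIATE), not a signature check.
    [ "$(openssl x509 -in "$cert" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$inter" -noout -subject_hash)" ] \
        || { echo "certificate was not issued by this intermediate" >&2; return 3; }
}
```

Source the file, run `make_csr <appliance-hostname> <dir>` to produce the CSR, and once the CA returns the certificate run `preflight cert.pem key.pem intermediate.pem` before uploading the files in the Add HTTPS Certificate dialog box.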