Link Search Menu Expand Document

Custom CA Certificate Trust Store

Configuration > Overlays & Security > Security > Custom CA Certificate Trust Store

EdgeConnect appliances are pre-loaded with the Mozilla root store, which contains the root certificates of public CAs. The appliance uses this root store for cryptographic verification when opening TLS connections to Orchestrator and Cloud Portal. If you choose to build your own certificate trust store, you must enable the Custom CA Certificate Trust Store and upload the certificates here.

NOTICE: If you are using Orchestrator SP or Orchestrator aaS, you should never use the Custom CA Certificate Trust Store. It should only be used with a self-hosted Orchestrator (on-prem or cloud) that requires a custom certificate.

This feature is commonly used if you have deployed a web proxy between EdgeConnect and Orchestrator or Cloud Portal, or if you do not wish to purchase a certificate from a public CA. This feature can also be used if you choose to use a server certificate signed by a private CA.

If you want your Orchestrator and appliances to establish connectivity with any of the following services, you must add the certificates for these services to the Custom CA Certificate Trust Store:

  • Aruba Cloud Portal

  • Google APIs

  • Remote authentication, such as OAuth, JWT, or SAML

  • Remote log receiver

  • Netskope

  • Zscaler

  • Azure

  • Aruba ClearPass Policy Manager

Follow these steps to add a certificate to the custom certificate trust store:

  1. Click Add Certificate to Custom Trust Store.

    The Add/Edit Custom Certificates dialog box opens.

  2. Enter an Alias for the certificate in the Alias field.

  3. Paste the root certificate into the Certificate field.

  4. Click Save.

After uploading the root certificate, follow these steps to enable the custom certificate trust store:

  1. Click Test Connectivity to Portal to validate that appliances can successfully connect to Orchestrator and Cloud Portal using the custom CA.

  2. Click the Use Custom Certificate Trust Store check box.

  3. Click Apply Changes.

To have the EdgeConnect appliance verify the Orchestrator certificate, you must click the Verify Orchestrator Certificate check box on the Advanced Security Settings dialog box. To do this, navigate to Configuration > Overlays & Security > Advanced Security Settings.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America