HTTPS Certificate Template
On this template you select the type of certificate to use for EdgeConnect appliances within a template group. There are three options to set up an HTTPS certificate for appliances using templates.
-
End Entity Certificate: This is the recommended option. It automates certificate enrollment using an EST server and globally orchestrated end entity profiles if the profile Purpose is set to “TLS Server”.
-
Custom Certificate: This is a legacy option. You install your own custom certificate from a CA certificate authority.
-
Self Signed Certificate: This is the default option. Browsers will not show this as secure, and most IT departments will now allow this. If your enterprise intends to use the EdgeConnect web UI directly, you need to use one of the other options.
To use an end entity certificate (recommended):
Before configuring the HTTPS template to use an end entity certificate, you must first add an EST server profile and create an appliance end entity profile with a Purpose of “TLS Server”. If you have not created an appliance end entity profile, see End Entity Certificates Tab. After you have completed the profile, proceed with the following steps.
-
Navigate to Configuration > Templates & Policies> Setup > Templates.
-
Select the template group.
-
If the HTTPS Certificate template is not active, click Show All and drag the template to the Active Templates column.
-
Click End Entity Certificate.
-
Select an appliance end entity profile from the drop-down menu.
-
Click Save to apply the template changes to the template group.
To use a custom certificate (legacy method):
-
Consult with your IT security team to generate a certificate signing request (CSR) and submit it to your organization’s chosen SSL Certificate Authority (CA).
-
Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, GeoTrust, and so forth.
-
All certificate and key files must be in PEM format.
-
-
After the Certificate Authority provides a CA-verified certificate, navigate to Configuration > Templates & Policies> Setup > Templates.
-
Select the template group.
-
If the HTTPS Certificate template is not active, click Show All and drag the template to the Active Templates column.
-
Click Custom Certificate, and then click Upload and Replace.
The Add HTTPS Certificate dialog box appears.
-
If your IT security team advises the use of an Intermediate CA, upload an Intermediate Certificate File. Otherwise, skip this file.
-
Upload the Certificate File from the CA.
-
Upload the Private Key File that was generated as part of the CSR.
-
Click Add to close the Add HTTPS Certificate dialog box.
-
Click Save to apply the template changes to the template group.