Orchestrator HTTPS Certificate
Orchestrator includes a self-signed server certificate that secures the communication between the user’s browser and Orchestrator. You can also install a custom server certificate acquired from a Certificate Authority (CA).
The server certificate is presented to any client opening a TLS connection to Orchestrator. This includes web browsers, EdgeConnect appliances, and API Gateways, which will cryptographically verify that a trusted CA issued the Orchestrator certificate.
EdgeConnect appliances are pre-loaded with the Mozilla root store and will validate certificates from all public CAs. All modern operating systems and browsers are pre-loaded with similar root stores. If you wish to use a server certificate signed by a private CA, you must first upload its root certificate at Configuration > Security > Custom CA Certificate Trust Store.
To use a custom certificate with Orchestrator:
- Consult with your IT security team to generate a certificate signing request (CSR), and submit it to your organization’s chosen SSL Certificate Authority (CA).
  - Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, and GeoTrust.
  - For a list of what is supported, refer to EdgeConnect and Orchestrator Security Algorithms.
  - All certificate and key files must be in PEM format.
- After the Certificate Authority provides a CA-verified certificate:
  - If your IT security team advises the use of an Intermediate CA, use an Intermediate Certificate File. Otherwise, skip this file.
  - Load the Certificate File from the CA.
  - Upload the Private Key File that was generated as part of the CSR.
- To associate the CA verified certificate for use with Orchestrator, click Upload.
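
A pre-upload check for the three files named in the steps above, written with the `openssl` command-line tool. This is an added example, not part of the Orchestrator documentation; the function names and exit codes are assumptions, and it only handles private keys without a passphrase (the page does not say whether passphrase-protected keys are accepted).

```shell
#!/bin/sh
# Added example: pre-upload checks for the Orchestrator certificate files.
# Function names and exit codes are assumptions; requires the openssl CLI.

# Succeeds if file $1 contains a PEM block whose label matches the ERE in $2.
has_pem_block() {
    grep -Eq -- "^-----BEGIN ($2)-----" "$1"
}

# check_upload_set CERT KEY [INTERMEDIATE]
# Returns 0 if consistent; 1 cert not PEM; 2 key not a passphrase-free PEM key;
# 3 key does not match cert; 4 intermediate not PEM; 5 chain does not verify.
check_upload_set() {
    cert=$1; key=$2; inter=${3:-}

    has_pem_block "$cert" 'CERTIFICATE' || {
        echo "certificate file is not PEM (DER or PKCS#12 export?)" >&2; return 1; }
    has_pem_block "$key" '((RSA|EC) )?PRIVATE KEY' || {
        echo "key file is not PEM, or is passphrase-protected (not handled here)" >&2
        return 2; }

    # The key generated with the CSR must carry the same public key as the
    # certificate the CA returned; compare the SubjectPublicKeyInfo of both.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2; return 3
    fi

    if [ -n "$inter" ]; then
        has_pem_block "$inter" 'CERTIFICATE' || {
            echo "intermediate file is not PEM" >&2; return 4; }
        # Treat the intermediate as the anchor: confirms it issued the server
        # certificate and that the certificate is inside its validity period.
        openssl verify -partial_chain -CAfile "$inter" "$cert" >/dev/null 2>&1 || {
            echo "certificate does not chain to the intermediate" >&2; return 5; }
    fi
    echo "OK: files are PEM and consistent" >&2
    return 0
}
```

Call it as `check_upload_set server.pem server.key intermediate.pem` (placeholder file names), omitting the third argument when no Intermediate Certificate File is used.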