Link Search Menu Expand Document

Orchestrator HTTPS Certificate

Orchestrator > Software & Setup > Setup > HTTPS Certificate

Orchestrator includes a self-signed server certificate that secures the communication between the user’s browser and Orchestrator. You can also install a custom server certificate acquired from a Certificate Authority (CA).

The server certificate is presented to any client opening a TLS connection to Orchestrator. This includes web browsers, EdgeConnect appliances, and API Gateways, which will cryptographically verify that a trusted CA issued the Orchestrator certificate.

EdgeConnect appliances are pre-loaded with the Mozilla root store and will validate certificates from all public CAs. All modern operating systems and browsers are pre-loaded with similar root stores. If you wish to use a server certificate signed by a private CA, you must first upload its root certificate at Configuration > Security > Custom CA Certificate Trust Store.

img

To use a custom certificate with Orchestrator:

  1. Consult with your IT security team to generate a certificate signing request (CSR), and submit it to your organization’s chosen SSL Certificate Authority (CA).

    • Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, and GeoTrust.

    • For a list of what is supported, refer to EdgeConnect and Orchestrator Security Algorithms.

    • All certificate and key files must be in PEM format.

  2. After the Certificate Authority provides a CA-verified certificate:

    • If your IT security team advises the use of an Intermediate CA, use an Intermediate Certificate File. Otherwise, skip this file.

    • Load the Certificate File from the CA.

    • Upload the Private Key File that was generated as part of the CSR.

  3. To associate the CA verified certificate for use with Orchestrator, click Upload.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.