Link Search Menu Expand Document

Orchestrator HTTPS Certificate

Orchestrator > Software & Setup > Setup > HTTPS Certificate

To ensure secure communication, Orchestrator presents a self-signed server certificate to any client opening a TLS connection to Orchestrator. This includes web browsers, EdgeConnect appliances, and API Gateways, which will cryptographically verify that a trusted Certificate Authority (CA) issued the Orchestrator certificate. You can also install a custom server certificate acquired from a CA.

EdgeConnect appliances are pre-loaded with the Mozilla root store and will validate certificates from all public CAs. All modern operating systems and browsers are pre-loaded with similar root stores.

If you choose to use a server certificate signed by a private CA, either you must enable the Custom CA Certificate Trust Store and upload the private root certificate and other required certificates, or you must disable Orchestrator certificate verification.

To enable the custom certificate trust store, see Custom CA Certificate Trust Store. To disable Orchestrator certificate verification, navigate to Configuration > Overlay & Security > Advanced Security Settings and clear the Verify Orchestrator Certificate check box.

img

To use a custom certificate with Orchestrator:

  1. Consult with your IT security team to generate a certificate signing request (CSR), and submit it to your organization’s chosen SSL Certificate Authority (CA).

    • Examples of Certificate Authorities include GoDaddy, Verisign, Comodo, Symantec, Microsoft Entrust, and GeoTrust.

    • For a list of what is supported, refer to EdgeConnect and Orchestrator Security Algorithms.

    • All certificate and key files must be in PEM format.

  2. After the Certificate Authority provides a CA-verified certificate:

    • If your IT security team advises the use of an Intermediate CA, use an Intermediate Certificate File. Otherwise, skip this file.

    • Load the Certificate File from the CA.

    • Upload the Private Key File that was generated as part of the CSR.

  3. To associate the CA verified certificate for use with Orchestrator, click Upload.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.