Installing an HTTPS SSL Certificate
Launch Certificates Option
- Launch the Administration & Configuration Console (URL: https://{gridguard server}:8443/admin) and select the 'Manage Certificates' option. The certificates management page is displayed
- The GridGuard HTTPS certificate is the certificate used when accessing the GridGuard server via HTTPS requests on port 443.
- The Admin HTTPS certificate is the certificate used when accessing the GridGuard server via HTTPS requests on port 8443.
- The LDAP Certificate is the certificate used when accessing the GridGuard server via LDAPS over port 636.
The method for updating the certificate for each of the 3 certificates is the same. So, choose the appropriate tab and follow instructions provided below.
Encryption Key Setting
- Choose the 'Encryption Key' section
- The strength of the currently installed encryption key is displayed. If you are satisfied with the strength of the currently installed key, skip to the next step
- To overwrite the existing key and generate a new one, specify the new key strength and click 'Re-generate Key'
- To export the currently installed key (either for importing into another machine or for storage in a safe certificate store), specify a password that will be used to encrypt the key, and click 'Export Key'
- To import a key, provide the pass phrase that was provided while exporting the key, copy & paste the key data and click 'Import Key'
Note: Updating the encryption key will result in the CSR being updated & the SSL certificate being replaced with a self-signed certificate.
Generate Certificate Signing Requests (CSR)
- Select the 'Certificate Signing Requests (CSRs) section
- Update Country name
- Update State or province full name
- Update Locality Name (city)
- Update Organization Name (company)
- Update Unit Name (dept.)
- Update full qualified domain name of the server. This should be the name that clients will use to refer to the gridguard server.
- Update Administrator's email address
- Click 'Update CSR Details' to save the information
- Click 'Export CSR' to save the CSR file locally.
Provide the CSR file to your Certificate Authority of choice. They will in return, provide you with an SSL Certificate. You will import this certificate into the system in the next step.
Importing the Certificate
- Select the 'SSL Certificate' section
- Cut and paste the Certificate that has been provided to you by the Certificate Authority
- Some certificates will need one or more intermediate certificates for validation. If your Certificate Authority provides you with intermediate certicate(s), cut and paste these into the field
- Click 'Install Certificate' to complete the installation.
Certificate installation will take a few minutes to complete once you click the 'Install Certificate' button. This is normal.