Creating TLS Server Side Certificate for Application Interface

This section describes how to check the currently used TLS certificate and how to use WebConf to create a new server TLS certificate for the Application Interface.

To check the currently used TLS certificate, proceed as follows:

  1. Open the Application Interface in the browser.

  2. Click the Padlock icon in the address bar of your browser and click More information.

  3. On the Info page, go to the Security tab and click View Certificate.

  4. Various information about the certificate is displayed. For Common Name (CN), you will find the value node1-ssl-app.

    This CN is based on the values selected during installation (both the host name in the network settings and the CN in the Management CA provide CNs in this certificate chain), so the value on your system may be different.


To create a new TLS server certificate for the Application Interface, proceed as follows:

  1. Open the tab Access > Server TLS certificates in WebConf.

  2. In the section Application Interface, click Renew.



  3. Click Download CSR.



  4. In EJBCA Enterprise, find RA Functions in the side menu and click Search End Entities.

  5. In the Search end entity with username field, enter ssl_app and click Search.



  6. In the search results table, go to Actions and click Edit next to End Entity.


  7. The Edit End Entity form opens.
    In the form, specify the following:

    • Status: Set to New

    • Password: Set to foo123

    • CN, Common name: Set to node1-ssl-app-new

    • Token (section Main certificate data): Set to User Generated

  8. Scroll to the end of the page and confirm your settings with Save.

  9. In EJBCA Enterprise, navigate to RA Web in the side menu.

  10. Open RA Web.

  11. From the top menu, click the drop-down menu for Enroll.

  12. Choose Use Username.


  13. Enter the Username and Enrollment code to enroll:
    Username: enter ssl_app
    Enrollment code: enter foo123





  14. Finalize the enrollment.

    Click Download PEM Full Chain.





  15. Save the PEM file with the name node1tlsappnew.pem.

  16. In WebConf, navigate to Access > Server TLS certificates.

  17. Click the Browse button for Next chain to upload the file node1tlsappnew.pem.

  18. Click the action Activate to activate the certificate chain on the server.



    It will take a while until the new TLS certificate is active.


  19. Confirm that the server is using the new certificate by refreshing the application pages and then trust the new connection when prompted. To verify the new certificate, proceed as described in the first procedure above for checking the currently used TLS certificate.

  20. Verify the certificate used for the TLS connection and confirm that it is the new certificate with the new CN node1-tls-app-new.
    This new TLS certificate will now be used each time you log in to the Application Interface.
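
The checks in this procedure can also be run from a shell before clicking Activate and after the switch. The following is an added example, not part of the product documentation or tooling: it confirms that the downloaded chain carries the public key of the CSR from WebConf and the expected CN. It assumes the OpenSSL command-line tool is installed, that the CSR is PEM-encoded, and that the end-entity certificate is the first one in the PEM full chain file; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: checks on a downloaded PEM full chain before it is uploaded.

# Print the subject CN of the first certificate found on stdin.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeed only if the first certificate in chain $1 carries the public key of CSR $2.
chain_matches_csr() {
    leaf=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    req=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$leaf" ] && [ "$leaf" = "$req" ]
}

# Full check: key binding first, then the expected CN ($3).
check_chain() {
    chain_matches_csr "$1" "$2" || { echo "FAIL: chain does not match CSR key" >&2; return 1; }
    cn=$(cert_cn < "$1")
    [ "$cn" = "$3" ] || { echo "FAIL: CN is '$cn', expected '$3'" >&2; return 1; }
    echo "OK: $1 matches the CSR and has CN $cn"
}

# Command-line form of the browser check: CN of the certificate a server presents.
served_cn() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null | cert_cn
}

# Constructed sample data in directory $1 with CN $2
# (a self-signed stand-in for the CA-issued chain, for demonstration only).
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/csr.pem" -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -in "$1/csr.pem" -signkey "$1/key.pem" -days 1 \
        -out "$1/chain.pem" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d" node1-ssl-app-new &&
        check_chain "$d/chain.pem" "$d/csr.pem" node1-ssl-app-new
    rm -rf "$d"
fi
```

On real files, call `check_chain node1tlsappnew.pem <downloaded CSR file> node1-ssl-app-new` before step 17, and `served_cn <host> <port>` after activation in place of the browser check.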