Skip to main content
Skip table of contents

Transport Layer Security (TLS) Configuration

The following describes how to mange Transport Layer Security (TLS) certificates.

It may be necessary to renew the TLS certificate in order to comply with your company's security regulations. For example, to remove the security warning in the address bar of the browser.

Managing TLS certificates includes the following steps:

Create and Download a New Certificate Signing Request (CSR)

Your first step for renewing a TLS certificate is to create a new Certificate Signing Request (CSR).

  1. Log in to the Next Generation Hardware Appliance.

  2. Open the Security page.

  3. Go to the In TLS Certificates section, click Create New CSR to open the corresponding form.

Create New CSR

Key Algorithm

Select the cryptographic key algorithm to be used for the CSR from the drop down menu:
EC prime256v1 (default)

  • RSA 4096

  • RSA 3072

  • RSA 2048

Domains

Add the domain. You can enter any IPv4 or IPv6 address. The field also supports any domain name as well as wildcard domains and punycode.

Optional Fields

Common Name (CN)

Enter the Common Name (CN) to be included in the CSR.

State/Province (ST)
Country (C)

Enter the State/Province (ST) to be included in the CSR,
or select the Country (C) from the drop down menu:.

Locality (L)

Enter the Locality (L) to be included in the CSR.

Organization (O)

Enter the Organization (O) to be included in the CSR.

Click Create CSR to confirm your entries and create the CSR.

In the TLS Certificates list a new entry for the certificate is displayed.

In the column Status awaiting issuance will be shown

In the column Actions, click Download CSR to download and save the new CSR.

Have the new Certificate Signing Request signed to continue with creating a new certificate..

Create and Download the TLS Certificate

Certificate Rules

The Next Generation Hardware Appliance will check the new certificate against the following rules:

  • All domains in the certificate must match the ones in the generated CSR.

  • The public key of the certificate must match with the public key of the CSR.

  • The certificate chain of the certificate must be correct.

  • The certificate must have the digitalSignature flag set for KeyUsage.

  • The Extended Key Usage of the certificate must include server authentication.

Upload and Activate the TLS Certificate

The following describes how to activate the new certificate in the user interface of the Hardware Appliance:

  1. Log in to the Next Generation Hardware Appliance.

  2. Open the Security page.

  3. In the section TLS CERTIFICATES, click Upload Certificate for the certificate that is waiting for issuance.

  4. Select and upload the newly created TLS certificate.

  5. The option Activate Certificate appears. Click to activate the new certificate.
    The former certificate becomes inactive.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close