Skip to main content
Skip table of contents

Security: Managing TLS Certificates

The following describes how to renew a TLS certificate. Renewing the TLS certificate may be required to meet your company's security rules. For example, to remove the security warning in the address bar of the browser.

Managing TLS certificates includes the following steps.

Create and Download a New CSR

Your first step for renewing a TLS certificate is to create a new CSR (Certificate Signing Request).

  1. Log in to your Software Appliance and open the Security page.
  2. In the TLS CERTIFICATES section, click Create New CSR to open the corresponding form.
  3. Select the Key Algorithm.

    • EC prime256v1 (default)
    • RSA 4096
    • RSA 3072
    • RSA 2048
  4. Add Domains. You can enter any IPv4 or IPv6 address. The field also supports any domain name as well as wildcard domains.

  5. Optionally specify the State/Province (ST) with Country (C), the Locality (L), and the Organization (O) that you want to add to the CSR.
  6. Click Create CSR to confirm your entries and create the CSR. The TLS Certificates list displays a line for the certificate awaiting issuance.
  7. In this line, click Download CSR to download and save the new CSR:

You can now proceed with creating a new certificate.

Create and Download the TLS Certificate

Next, to activate the new certificate, see Upload and Activate the TLS Certificate.

Certificate Rules

The Software Appliance will check the new certificate against the following rules:

  • All domains in the certificate must match the ones in the generated CSR.
  • The public key of the certificate must match with the public key of the CSR.
  • The certificate chain of the certificate must be correct.
  • The certificate must have the digitalSignature flag set for KeyUsage.
  • The Extended Key Usage of the certificate must include server authentication.

Upload and Activate the TLS Certificate

The following describes how to activate the new certificate in the user interface of the Software Appliance:

  1. Log in to your Software Appliance and open the Security page.
  2. In the section TLS CERTIFICATES, click Upload Certificate for the certificate that is waiting for issuance:

  3. Select and upload the newly created TLS certificate.
  4. The option Activate Certificate appears. Click to activate the new certificate. The former certificate becomes inactive:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.