Views:
You can manage the certificates that are used for authenticating administrators accessing the Web console.
NOTICE
NOTICE
After saving the configuration performed in this procedure, the Web console will be restarted. After several seconds, manually re-log-on to the Web console. Since the certificate has been changed, the browser might not log on the user to the Web console automatically.
The recommendation is to perform this operation during non-work time.

Procedure

  1. Go to AdministrationSystem SettingsManagement portal service.
  2. Specify the Management portal FQDN, the administrator can access the web console with this FQDN.
    Note
    Note
    Administrators must add correct DNS records for the management portal’s FQDN: add eth0’s IP address as a resolving record for management portal FQDN in DNS server.
    If users want to import their own certificate and private key, the FQDN entered must match the subject alternative name or common name in the certificate.
  3. Under Assign certificate, select one of the following:
    The certificate is used to sign an endpoint certificate for the administrative Web console.
    Option
    		 Description
    Assign by importing certificate
    To import a certificate manually.
    Assign by HTTPS policy
    To use the CA certificate from a specified HTTPS Inspection policy.
    Important
    Important
    Before selecting and configuring an authentication certificate using the Assign by HTTPS policy option, you should ensure that the CA certificate of the selected HTTPS Inspection policy is installed on client machines before changing the Web console’s certificate. This ensures that clients/browsers can build a complete certificate chain.
  4. Perform the appropriate steps, depending on method of certificate assignment.
    Method
    		 Steps to Take
    Assign by importing certificate
    1. Select the Import type:
      • PEM/DER
        The certificate file is in PEM or DER file format.
      • PKCS7
        The certificate file is in P7B or PKCS#7 file format.
      • PKCS12
        The certificate file is in PFX or PKCS#12 file format.
    2. In Certificate, browse and choose the certificate file.
    3. For the PEM/DER and PKCS7 formats: In Private key, browse and choose the private key file for the certificate file.
    4. Enter the password of the private key and then confirm it.
    5. Click Verify Certificate to verify that the certificate is valid.
    Assign by HTTPS policy
    1. In Assign from HTTPS policies select the HTTPS Inspection policy with the CA certificate that will be used to sign an endpoint certificate for the Web console.
    2. Verify the correct HTTPS Inspection policy is selected.
    Note
    Note
    When using the CA certificate from an HTTPS Inspection certificate to sign an endpoint certificate:
    • CommonName = management portal FQDN of Deep Discovery Web Inspector appliance
    • Signature algorithm: sha256RSA
    • Subject Alternative Name: DNS Name = management portal FQDN of Deep Discovery Web Inspector appliance
  5. Click Save.
Keywords: managing,managing management portal service,certificates,using as the authentication certificate,management portal service,system settings, authentication portal service