Manage Certificates

The Certificates page provides access to the Technical Support Appliance certificate management features.

SSL Server Certificate Status

Configuring TSA installs the default TSA certificate that is delivered with the Technical Support Appliance. The SSL Server Certificate Status section displays information about the SSL server certificate that is installed in TSA. The certificate information includes Issued by, Issued to, Issued on, Expires on, Serial number, and Signature algorithm.

Click Generate and install a new Self-signed Certificate to install a self-signed certificate that is unique to this TSA. A warning message is displayed that the appliance restarts automatically after you generate and install a Self-signed certificate.
Note: To install back the default certificate, see section Installing the default certificate.
Note: The Generate and install a new Self-signed Certificate link is visible only if the default certificate is installed on TSA.

Certificate Authority Signing Request

You need to provide the following information to successfully generate and download the Certificate Signing Request (CSR) file.
  • Common Name: Enter the fully qualified host name (FQDN) of TSA. The minimum character limit is 1 and the maximum character limit is 64.
  • Organization Unit: Specify the organization name, which differentiates between divisions within an organization. For example, 'Hardware Development' or 'Human Resources'.
  • Organization: Specify the name of the corporation, limited partnership, university, or government agency.
  • City: Specify the city or locality name where the organization that is owning the console operates.
  • State: Specify the state or province name where the organization that is owning the console operates. If you are not sure of the state, type Unknown.
  • Country: Select the country name where the organization that is owning the console operates.
  • Number of days until expiration: Specify the number of days that the certificate is valid for, beginning from the time the certificate is created.

Click Generate and download Certificate Signing Request (CSR) file to create and download the CSR file with the specified information.

Upload and install custom certificate using signers (a certificate chain)

Use this feature to install a custom certificate. You need the server certificate that is generated by a Certificate Authority, the root certificate for the Certificate Authority, and any intermediate certificates for the Certificate Authority. Ensure that the certificate files (root, intermediate, and server certificate) are in any of the following formats -
  • .crt
  • .der
  • .pem
Go through the following steps to upload and install the certificates on the TSA:
  • Root Certificate file: Specify the location of the root certificate file that you want to install on the Technical Support Appliance.
  • Intermediate Certificate file: Specify the location of the intermediate certificate file that you want to install on the Technical Support Appliance.
    Note: There can be multiple (maximum of 3) intermediate certificate files based on the multiple signers that are imported.
  • TSA Certificate file: Specify the location of the TSA Server Certificate file that you want to install on the Technical Support Appliance.
  • Click Upload and install a Custom Certificate using Certificates chain to upload all the files (Root Certificate file, Intermediate certificate files, TSA certificate file) that you specified and install a custom certificate by using the chain of certificates.
Note: The Technical Support Appliance is automatically restarted when you install a custom certificate.
Note: To install back the default certificate, see section Installing the default certificate.

Custom Certificate Install

You can create and install a self-signed SSL server certificate or upload and install a custom SSL server certificate.
Note: The Technical Support Appliance is automatically restarted when you install an SSL server certificate.
  • Certificate password: Specify the password for the custom SSL server certificate.
  • Confirm password: Enter the password again. The two passwords that you enter are compared to confirm that they match.
  • Custom certificate file: Specify the location of the Java keystore file that contains the custom certificate that you want to install on the Technical Support Appliance.

Click Upload and install Complete JKS file to upload the Java keystore file that you specified and install a custom certificate. The Java keystore file must include the custom certificate and any relevant certificate authority root and intermediate certificates.

Note: To install back the default certificate, see section Installing the default certificate.

Installing the default certificate

To install back the default certificate, use Set Appliance certificate to default option that is specified in the TSA configuration file.

Go through the following steps to install the default certificate:
  1. Launch the TSA console.
  2. Select option 3) Set Appliance certificate to default from the TSA Config Menu.
  3. Confirm setting appliance certificate to default certificate [y|n]: Enter y to confirm setting the TSA certificate to the default certificate.
Once the default certificate is installed, TSA automatically restarts in 5 seconds. When the restart completes, your browser may display a security prompt regarding whether to trust the default certificate.