You can upload the key file, certificate file, and certificate bundle provided by the Certificate Authority.
To upload the CA files:
- Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
- Under User Management, click Secure Access.
Under General, complete the following:
- Select Server—by default, this is the IP address of a standalone Address Manager server. If running Address Manager in replication, use the drop-down menu to select the IP address of Primary or Standby Address Manager servers.
- HTTP—from the drop-down menu, select either
or Redirect to HTTPS.Note: Redirect to HTTPSSelecting Redirect to HTTPS will redirect users to HTTPS if they attempt to access Address Manager using HTTP. You must have HTTPS enabled to use Redirect to HTTPS.
- If the Address Manager domain name is configured to resolve to an IPv6 address, enabling Redirect to HTTPS will redirect the domain name in the URL to an IPv6 address, resulting in an unknown certificate warning in your browser. For more information, refer to knowledge base article 5978 on BlueCat Customer Care.
- HTTPS—from the drop-down menu, select
Enable.Important: Disabling HTTPS
You cannot disable HTTPS if HTTP is configured to redirect to HTTPS.
- Under Server Certificate Settings, select Custom.
- Select Load Custom Certificate.
Under Upload Certificate, complete the following:
- Use Previously Configured Private
Key—(optional) select to use the previously
configured private key stored in the Address Manager
- This check box is not clickable when loading a private CA key into Address Manager for the first time. After loading the CA certificate and bundle file and updating Address Manager, this check box will be selected by default (Address Manager stores one copy of the key in its database).
- Deselect this check box only if you want to upload a new private CA key. Address Manager will warn you that uploading a new private key will overwrite the key already stored in the Address Manager database.
- Private Key—(optional) click
Choose File to select the CA key file
(<common_name>.key) on your local machine or
workstation.Attention: The private key must comply with PKCS #8 standards.
- Use Password—(optional) select the check
box to provide security for the private key. Once selected, the
Password field opens.
- Password—enter an alphanumeric password to secure your private key.
- Domain Signed Certificate—click Choose File to select the CA certificate file (<common_name>.crt) on your local machine or workstation.
- Intermediate Bundle Certificate—click Choose File to select the CA certificate bundle (<common_name>.ca-bundle) on your local machine or workstation.
- Use Previously Configured Private Key—(optional) select to use the previously configured private key stored in the Address Manager database.
- Click Update. The Confirm Web Access Configuration opens.
Under Confirm Configuration, verify your
Listed changes will include the IP address of the Address Manager server, HTTPS or HTTPS status (enable/disable), and certificate type.
- Click Yes. The Address Manager server will be temporarily unavailable as the changes are committed and the server restarts.
- Log in to Address Manager once the configuration is compete.Note: After modifying HTTP or HTTPS, your browser might warn you about an unknown or invalid certificate. This warning will cease once you accept the certificate and log in to Address Manager.
- From the certificate warning, proceed to the site. Depending on your browser, this might entail clicking a button or creating an exception.