If a new CA certificate is uploaded for the currently configured and in-use X.509
authenticator, you must re-apply the certificate in order to make it effective.
To re-apply certificates to an existing X.509 authenticator:
-
Select the Settings tab in the sidebar.
-
Under System security, select
Authenticators.
-
Select the table row containing the existing X509 authenticator, then select
Edit in the expanded details section.
-
Select the Certificate tab.
-
In the CA certificate upload field, upload one or more
certificate(s) for the CA(s) issuing client certificates. If an issuing CA is an
intermediate (or sub-) CA, the chain of CA certificates up to and including a
root CA must also be present. All certificates must be in PEM format, and must
be contained in a single file (bundle).
Note: You can edit other
parameters while you are editing the X.509 authenticator.
However, modifying the Primary or Secondary server URL of the
currently configured and in-use X.509 authenticator will take
effect immediately once you edit and update the X.509
authenticator.
-
Select Save.
-
Select the Settings tab in the sidebar.
-
Under System security, select Web
access.
-
Under X509 authenticator—select the X.509 authenticator
you have modified with the new CA certificate. You can leave the other fields as
is.
-
Under Server certificate settings, select Reapply
certificates.
-
In the Change control
section, add comments if required.
-
Select Update web access settings. The Address Manager
server will be temporarily unavailable as the changes are committed and the
server restarts.
Result:
- Login to Address Manager once the configuration is compete.
Note: After modifying HTTP or
HTTPS, your browser might warn you about an unknown or invalid
certificate. This warning will cease once you accept the
certificate and log in to Address Manager.
- From the certificate warning, proceed to the site. Depending on your
browser, this might entail clicking a button or creating an exception.