Ask our Experts
Didn't find what you are looking for? Ask our experts!
The DCO server is installed with self-signed security certificate. When connecting to the server from a web browser, you may receive warnings about the security certificate. It is recommended, after the installation of DCO is complete, to purchase and install a security certificate issued by a trusted certificate authority.
To change the certificate on the DCO server, your SSL certificate be an Apache 2.x/PEM format certificate consisting of two files: *.key and *.crt.
See How to manually create a certificate signing request (CSR) from an ITA/DCO server
It is best practice to disable access to the web clients before starting to update any certificates to ensure no client is connected with a false certificate.
If your setup includes a disaster recovery node and you need a certificate on it, upload certificates to the DR server in the same way as for a standalone server.
Preparing a certificate for upload
Password
A password protected key is not supported. Strip the password from the key before uploading it.
Intermediate or certificate bundle
If your certificate chain requires an intermediate certificate, append it to the .cert file. When appending, ensure you include everything, including the lines: "-----BEGIN CERTIFICATE-----" & "-----END CERTIFICATE-----" as there may be several lines for this intermediate certificate.
No users in the system during upload
The Apache HTTPD server will be reloaded during this process, so ensure no users are using the system during the upload.
Uploading a certificate
- Open the Webmin web interface by selecting Administration>Webmin in the Data Center Operation web client.
Alternatively, type the address of your Data Center Operation server in a Web browser followed by :10000,https://<DCO server IP>:10000. - Log into Webmin using the user credentials created during the installation and in the left menu, select StruxureWare DC Operation.
- In the submenu, select Certificates.
- Follow the instructions on the page.
- Verify everything is working correctly by launching a web client and checking there's a green padlock icon in the address line.
