EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-08-31 04:36 AM
Dears,
In a project the customer prepare SSL certificate when we tried to add it it give us that the DCE does not support Chained certificates so we found a workaround on SE website as link below
https://www.apc.com/us/en/faqs/FA225532/
we followed the steps but we an error on step number 6 as photo below
We tried to add it as *.pem file and as a text but we got the same error that the SSL certificate is invaled.
and the same problem with the NetBotz 450 as the screenshot below
Thanks,
Mohamed
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-09-11 06:18 AM
When adding into the trust store you do not need the private key of that certificate. Private keys for the root and intermediary certs should never be imported into any other system for security reasons. You must use the CSR method from DCE to generate the certificate signing request and then get it signed by the CA. There is no way to generate your own cert/private key combo and import them into DCE. After getting the CSR signed, you should be provided with 1 or multiple files that contain the signed server certificate, intermediary certs (if applicable) and the root CA cert.
You should be importing the root cert and intermediary cert ONE at a time, repeating the process for each additional certificate:
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Do not add the server certificate into the Server SSL Certificates section, as that needs to be added after the root and intermediary certs are added. This is done within the desktop client under: System > Server Administration Settings > Web Server > Modify Certificate > Add Certificate. You can then paste in the certificate and add it:
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Regards,
Cory
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2020-09-11 06:18 AM
When adding into the trust store you do not need the private key of that certificate. Private keys for the root and intermediary certs should never be imported into any other system for security reasons. You must use the CSR method from DCE to generate the certificate signing request and then get it signed by the CA. There is no way to generate your own cert/private key combo and import them into DCE. After getting the CSR signed, you should be provided with 1 or multiple files that contain the signed server certificate, intermediary certs (if applicable) and the root CA cert.
You should be importing the root cert and intermediary cert ONE at a time, repeating the process for each additional certificate:
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Do not add the server certificate into the Server SSL Certificates section, as that needs to be added after the root and intermediary certs are added. This is done within the desktop client under: System > Server Administration Settings > Web Server > Modify Certificate > Add Certificate. You can then paste in the certificate and add it:
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Regards,
Cory
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.