Table of Contents
Advertisement
Note
When a Web browser connects to the controller using SSL/TLS, the controller sends only its
own X.509 certificate to the browser. This means that if the certificate has been signed by an
intermediate certificate authority, and if the Web browser only knows about the root
certificate authority that signed the public key certificate of the intermediate certificate
authority, the Web browser does not get the whole certificate chain it needs to validate the
identity of the controller. Consequently, the Web browser issues security warnings.
To avoid this problem, make sure that you install the entire certificate chain when you install
a new certificate on the controller.
Note
An SNMP notification is sent to let you know when the controller SSL certificate is about to
expire if you enable the Notifications option on the Controller >> Management > SNMP
page and then select Configure Notifications and enable the Certificate about to expire
notification under Maintenance.
Certificate usage
To see the services that are associated with each certificate, select Security > Certificate
usage. With the factory default certificates installed, the page will look like this:
Service
Name of the service that is using the certificate. To view detailed information on the
certificate select the service name.
Authenticate to peer using
Name of the certificate and private key. The controller is able to prove that it has the private
key corresponding to the public key in the certificate. This is what establishes the controller
as a legitimate user of the certificate.
Number of associated CAs
Number of CA certificates used by the service.
Security
Working with certificates
12-9
Advertisement
Chapters
Table of Contents
