Manage the Library's SSL/TLS Certificate for HTTPS
Manage the Library's SSL/TLS Certificate for HTTPS
A certificate encrypts SSL/TLS traffic to and from the library. At initial installation, the
library has a default certificate. At a minimum, you should replace the default
certificate with a new self-signed certificate. Then, optionally, you can installed a
certificate signed by a certifying authority (CA).
Generate a Self-Signed Certificate
■
Install a Third-Party Signed Certificate
■
Generate a Self-Signed Certificate
A self-signed certificate is secure, but will require you to manually tell the browser to
trust the certificate before you can view the login screen. To eliminate this browser
security exception, you can install a certificate signed by a certifying authority (CA)
(see
"Install a Third-Party Signed Certificate"
Click Configuration in the left navigation area of the GUI.
1.
Click the Certificate tab, and then click New Certificate
2.
Enter in the certificate information.
3.
Install a Third-Party Signed Certificate
Installing a third-party certificate is a multistep process of submitting a certificate
signing request (CSR) to the CA, obtaining the certificate from the CA, and then
importing the certificate file to the library.
Install a Certificate Task 1: Verify the Library Has a Self-Signed Certificate
■
Install a Certificate Task 2: Export Certificate Signing Request (CSR) File
■
Install a Certificate Task 3: Obtain Required Certificates
■
Install a Certificate Task 4: Import the Certificate File
■
Install a Certificate Task 1: Verify the Library Has a Self-Signed Certificate
The library must have a self-signed certificate before installing a third-party signed
certificate. You cannot go directly from the default certificate to a third-party
certificate. To install the self-signed certificate, see
on page 4-10.
Install a Certificate Task 2: Export Certificate Signing Request (CSR) File
Click Configuration in the left navigation area of the GUI.
1.
Click the Certificate tab, and then click Export CSR
2.
Click Download.
3.
Submit the CSR to the third-party certifying authority (CA).
4.
Install a Certificate Task 3: Obtain Required Certificates
Verify that you have obtained the following before importing:
Primary certificate of the trust anchor CA (such as VeriSign's public primary root
■
CA)
4-10 StorageTek SL150 Modular Tape Library Guide
on page 4-10).
.
"Generate a Self-Signed Certificate"
.