Signing the Certificate Using a CA
Use the Certificate Signing tab to generate a signing request for the current certificate used by the appliance.
After the CA signs the request, use this tab to import the CA root certificate and the signed certificate.
If your organization's PKI policies dictate the use of one or more intermediate certificate authorities, an additional step is required to ensure that LogLogic LMI can properly verify the entire certificate trust chain.
The simplest configuration involves the LogLogic LMI certificate and a root certificate. In such a scenario, the root certificate is not just the root CA, but also the signing CA. This distinction is important when determining the sequence in which to paste the certificates:
- When using multiple CA certificates, consider the Root Certificate text box as a field that is used for the Issuing Certificate, and then all other CA certificates are added in the same box (see the step for multiple certificates).
- In situations involving a single CA certificate that serves as both the root and issuing CA, the intermediate CA is the signing CA and the root is still the root CA (see the step for
single certificates). There can be any number of intermediate CAs. The exact situation depends on your organization's policies.
Note: Some certificate authority software do not provide all the necessary files when returning your signed certificate, and some do not require any intermediate certificates. However, LogLogic LMI does require them if they are used in the certificate signing process. Therefore, if you do not know how many CA certificates to expect to be given when your signed host certificate is returned to you, then verify with your organization's PKI administrators whether your organization uses multiple CA certificates. There is no limit to the quantity of intermediate certificates that LogLogic LMI can use.
Prerequisites
Procedure
Copyright © Cloud Software Group, Inc. All rights reserved.