Server Certificates
Server Certificates
Selecting Menu Bar → 
→ Server Certificates displays the Server Certificate dashboard. The Server Certificates tab highlights.
There are features and functions used in UNUM Manager and UNUM Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.
The UNUM Configuration Server Certificates module provides a convenient method of installing certificates.
To manage UNUM Server Certificates, click the Server Certificates link.
Details about the server certificates running on UNUM are presented to the administrator.
UNUM Platform Configuration Certificate Authority Dashboard
Install Server Certificates by clicking on Upload.
To upload a Server Certificate, click Upload. The following interface is launched.
UNUM Platform Configuration Certificate Upload Dialog
Click OK to continue or Cancel to return to the previous screen without making any changes.
UNUM Platform Configuration Certificate Authority Upload Server Certificate
Drag and drop the certificate and key files in the appropriate areas and click Upload.
Click Cancel to return to the previous screen without making any changes.
UNUM will log you out of the system and you must login to resume using UNUM.
Replacing a Server Certificate
UNUM deploys with a "self-signed" certificate to support HTTPS SSL connectivity.
Admins wishing to replace the UNUM default self-sign certificate with a signed external Certificate Authority (CA) should use the following process:
•Create the CSR (Certificate Signing Request) and a Private Key.
•Submit the CSR to a CA Authority to generate the certificate or generate a self-signed certificate.
•Use UNUM to upload the certificate and the private key.
The following example details the steps for creating the server.crt and server.key files using either an online CSR and key generator provider or OpenSSL command from your UNUM instance.
Step One:
Generate the CSR and private key using either an online provider or OpenSSL.
Online provider - https://www.ssl.com/online-csr-and-key-generator/ - Complete the requisite information and download the CSR and private key.
OpenSSL - Login to your UNUM instance and run the following command. Substitute your custom values for key and CSR names and complete the form per the OpenSSL instructions.
|
openssl req -new -nodes -keyout private.key -out unum.csr |
Step Two:
Submit the CSR to your CA signing authority to create the required .pem certificate file, for example, unumcert.pem, and download the new certificate.
Self-signing a certificate is an option. Follow the steps provided by your self-signing tool to generate the self-signed certificate. For example:
|
openssl req -newkey <key-algo>:<key-size> -x509 -<message-digest-algorithm> -days <no of days for which certificate is valid> -nodes -out <certificate-filename>.crt -keyout <private-key-filename>.key |
Caution: When self-signing a certificate, you will need to manually install the self-signed certificate on each machine running the browser which accesses UNUM to avoid security warnings.
Step Three:
Upload the certificate and private key using the UNUM per the instructions documented above.
Step Four:
Verify the certificate installation in the UNUM Server Certificate dashboard.
Alternatively, using your local OpenSSL command, view the certificate details using the following command in the directory containing the certificate file:
|
openssl x509 -in unumcert.pem -text |
Note: To avoid browser access security errors messages a FQDN entry must exist for the UNUM instance in your DNS server or local hosts file.