The certificates screen allows you to import or create valid SSL certificates for a vendor or account, for use in the various interfaces, including Administration UI, API’s, IPP print and embedded terminal communications.
Trusted CA certificates
If the vendor or customer account are their own Certificate Authority (CA) and issues certificates for domain controllers, mail servers etc, those CA certificates can be imported to SAFEQ Cloud for LDAPS and similar.
Export the certificates from the remote server, to PEM or DER format, and click Import to import the trusted certificate.
Private certificate chains
To enable valid trusted SSL connections from clients to the SAFEQ Cloud server, either the administration Web UI in a Web browser, API connections, IPP printing or in embedded terminals, import a valid SSL certificate in PFX format.
PFX formats include both public and private keys required for a server to create the encrypted connection.
Generating certificate chains
Instead of importing a trusted certificate chain it is possible to generate it using the default HCP CA certificate as an issuer. Certificates can be generated for two purposes: TLS server security and token signing. When generating a TLS certificate please choose in the drop-down list the domain name to which this chain will be generated. Embedded clients will be able then to connect to this domain name without warning.
Generating a certificate chain for token signing
Some external clients require an authorization token when calling HCP public API functions. The token is only issued when there is a signing certificate chosen in the account PKI settings. By default each newly created account has a special signing certificate chain created which is also set as a default signing certificate in the PKI settings. It is possible to re-generate it manually or choose another certificate (e.g. import a trusted chain) for signing purposes.
Post your comment on this topic.