SSL Certificate Configuration
Dinesh
Last Update 5 hari yang lalu
Overview
By default, SecOps Solution is installed with a self-signed SSL certificate to secure communication between the platform, agents, and web browsers.
For production environments, it is recommended to replace the default certificate with a certificate issued by either:
- An Internal Enterprise Certificate Authority (ADCS / PKI)
- A Public Certificate Authority (DigiCert, Sectigo, GlobalSign, Let's Encrypt, etc.)
Using a trusted certificate helps eliminate browser security warnings and simplifies certificate trust management across the environment.
Access SSL Certificate Settings
Step 1: Log in to the Platform
Open the SecOps web console:
Log in using an administrator account.
Step 2: Open Settings
Click the Profile icon in the upper-right corner and select Settings.
Step 3: Navigate to SSL Certificate
From the left navigation menu:
View Current Certificate
The SSL Certificate page displays details of the currently active certificate including:
- Certificate Type
- Common Name (CN)
- Issuer
- DNS Names
- IP Addresses
- Expiration Date
Generating a Certificate Signing Request (CSR)
Before obtaining a certificate from your Certificate Authority, you must generate a private key and CSR.
Generate Private Key
Generate CSR
This generates:
The CSR file can then be submitted to your internal or public Certificate Authority.
Option 1: Internal Enterprise CA
Organizations using Microsoft Active Directory Certificate Services (ADCS) or another internal PKI can submit the CSR to their Certificate Authority.
Recommended certificate requirements:
- SHA-256 or higher
- Server Authentication EKU
- Subject Alternative Name (SAN)
- DNS hostname used to access the platform
After approval, your CA may provide files similar to:
Option 2: Public Certificate Authority
You may also submit the CSR to a public CA such as:
- DigiCert
- Sectigo
- GlobalSign
- Let's Encrypt
After validation, the CA may provide:
If intermediate certificates are provided separately, combine them into a single chain file.
Example:
Upload a Custom Certificate
Scroll to the Upload Custom Certificate section.
Certificate File
Upload the signed server certificate.
Examples:
Private Key File
Upload the private key generated during CSR creation.
Example:
Requirements:
- PEM format
- Unencrypted private key
CA Certificate File (Optional)
When using an Internal Enterprise CA, upload the CA certificate.
Example:
This field is generally not required when using public Certificate Authorities.
Apply the Certificate
After uploading the required files:
- Review the selected certificate files.
- Click Upload & Apply.
- Wait for the certificate installation process to complete.
Important Note
Replacing an active SSL certificate may affect communication for agents that trust the previous certificate.
Before applying a new certificate:
Before applying a new certificate:
- Verify the hostname is correct.
- Ensure all required SAN entries are included.
- Schedule the certificate replacement during a maintenance window if agents are already deployed.
- Confirm agents trust the new certificate if required.
Verify the Certificate
After applying the certificate:
- Refresh the SSL Certificate page.
- Verify the new certificate details are displayed.
- Access the platform from a browser.
- Confirm there are no certificate warnings.
- Verify agents can communicate successfully with the platform.
Troubleshooting
Upload Fails
Verify:
- Certificate is in PEM format.
- The private key matches the certificate.
- The certificate chain is complete.
Browser Shows Certificate Warnings
Verify:
- The DNS name matches the certificate CN/SAN.
- Intermediate certificates are included.
- Internal CA root certificates are trusted by client systems.
Agents Cannot Connect After Certificate Replacement
Verify:
- Agents trust the new certificate.
- The hostname used by agents matches the certificate SAN entries.
- Required CA certificates are installed on managed systems.