2.3.1 Introduction
The certificates management is related to the server name and the services provided (please refer to 2.2 Network Segregation for details about the certificate assignation to a specific NIC/IP/name). In order to provide to the client a sure match of your identity you need to load and configure a secure certificate bonded to your server name (ie: name.server.tld).
...
Instead if you need to create a new TLS key pair or add a new CA, then you have to use the buttons above the "TLS Keypair" list (the ones shown in
).
2.3.2 Create New Certificate
Add a new Certificate is a delicate matter, because it involves sensible informations like private Key Management and concealing. Adding a New Certificate on
means that you can create your own
Certificate Signing Request directly on
and no need for external Private Key creation/management tools. Of course you need to have your CSR signed by a known Certificate Authority before you can actually use it.
...
- New Key and CSR creation (before CA sign)
- New Certificate upload (after CA sign)
New Key and CSR
So first of all you start by creating a CSR: click on the New Key and CSR link above the certificate table.
...
Anyway you need to Download CSR before you're done with Certificate creation, so use first link shown in detailed view
.
New Certificate upload
Once you have your CSR you just follow instructions by CA of your choice to obtain a new Certificate. As it's done, you can get back to form in
and this time
Upload certificate.
...
| Warning |
|---|
Even if it's possible to extend Certificates validity period, it is a good practice to create a fresh new CSR each time instead. We also think it is wise to keep validity period of each Certificate just one year long. |
| Anchor |
|---|
| 2.3.3_add_certification_authority |
|---|
| 2.3.3_add_certification_authority |
|---|
|
2.3.3 Add Certification AuthorityYou might need to upload a new CA (Certification Authority) if you tried to install a Certificate which wasn't signed by an installed CA.
...
As shown in
| Xref |
|---|
| AnchorName | CA_list_updated |
|---|
|
the Certification Authority list shows a new entry. You can check the entry by subject (which is the entity that release the certificate) and the expiry Date (that shows how long the certificate is considered valid).
2.3.4 Delete TLS key pair
In a day-by-day secure VoIP service administration it's not unusual to delete a TLS key pair. The procedure starts right at the Certificate Management page (the one shown in
| Xref |
|---|
| AnchorName | default_certificate |
|---|
|
.
...
Confirm the deletion in the following pop-up windows. After that you get the new TLS key pair list without the deleted entry and with a warning which explains the entry has been deleted (as in
| Xref |
|---|
| AnchorName | tls_key_pair_deleted |
|---|
|
).
2.3.5 Delete Certification Authority
You cannot edit an entry in the CA list, but you still can delete a CA and create a new one for replacement. That said, the way for deleting a CA entry is quite simple. From the CA list shown in
| Xref |
|---|
| AnchorName | CA_list_updated |
|---|
|
choose the CA you want to expunge and press the
Delete link in the last right column.
...