Versions Compared

Old Version 20

changes.mady.by.user user-0f753

Saved on

compared with

New Version 21

changes.mady.by.user user-e1945

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

2.3.1 Introduction

The certificates management is related to the server name and the services provided (please refer to PSAM 2.2 Network Segregation for details about the certificate assignation to a specific NIC/IP/name). In order to provide to the client a sure match of your identity you need to load and configure a secure certificate bonded to your server name (ie: name.server.tld).

...

You can get the certificates configuration page using the Certificate Management link in the main menu. As shown above the default page is listing the installed TLS Keypair. 

Info

By default, on the PrivateServer it's installed one "*.madama.at" wildcard certificate as shown in

Xref
AnchorNamedefault_certificate

...

Instead if you need to create a new TLS key pair or add a new CA, then you have to use the buttons above the "TLS Keypair" list (the ones shown in 

Xref
AnchorNamenew_tls_new_ca
).

2.3.2 New TLS Key pair

If you need to upload a new certificate, click on the New TlsKeyPair link above the certificate table.

...

All the fields must be in pem PEM (Privacy Enhanced Mail) format and you just copy and paste each of them in the proper field. When your' done you just press the Create button on the bottom line and the certificates are ready to be assigned to an interface/IP.

Anchor
2.3.3_add_certification_authority
2.3.3_add_certification_authority
2.3.3 Add Certification Authority

You might need to upload a new CA (Certification Authority) if you tried to install a tis key pair not signed by an installed CA. 

...

As shown in 

Xref
AnchorNameCA_list_updated
 the Certification Authority list shows a new entry. You can check the entry by subject (which is the entity that release the certificate) and the expiry Date (that shows how long the certificate is considered valid). 

2.3.4 Delete TLS key pair

In a day-by-day secure VoIP service administration it's not unusual to delete a TLS key pair. The procedure starts right at the Certificate Management page (the one shown in 

Xref
AnchorNamedefault_certificate
.

...

Confirm the deletion in the following pop-up windows. After that you get the new TLS key pair list without the deleted entry and with a warning which explains the entry has been deleted (as in 

Xref
AnchorNametls_key_pair_deleted
).

2.3.5 Delete Certification Authority

You cannot edit an entry in the CA list, but you still can delete a CA and create a new one for replacement. That said, the way for deleting a CA entry is quite simple. From the CA list shown in 

Xref
AnchorNameCA_list_updated
 choose the CA you want to expunge and press the Delete link in the last right column. 

...