2.3.1 Introduction
The certificates management is related to the server name and the services provided (please refer to PSAM 2.2 Network Segregation for details about the certificate assignation to a specific NIC/IP/name). In order to provide to the client a sure match of your identity you need to load and configure a secure certificate bonded to your server name (ie: name.server.tld).
...
You can get the certificates configuration page using the Certificate Management link in the main menu. As shown above the default page is listing the installed TLS Keypair.
| Info |
|---|
By default, on the PrivateServer it's installed one "*.madama.at" wildcard certificate as shown in | Xref |
|---|
| AnchorName | default_certificate |
|---|
|
|
...
Instead if you need to create a new TLS key pair or add a new CA, then you have to use the buttons above the "TLS Keypair" list (the ones shown in
).
2.3.2 New TLS Key pair
If you need to upload a new certificate, click on the New TlsKeyPair link above the certificate table.
...
All the fields must be in pem PEM (Privacy Enhanced Mail) format and you just copy and paste each of them in the proper field. When your' done you just press the Create button on the bottom line and the certificates are ready to be assigned to an interface/IP.
| Anchor |
|---|
| 2.3.3_add_certification_authority |
|---|
| 2.3.3_add_certification_authority |
|---|
|
2.3.3 Add Certification AuthorityYou might need to upload a new CA (Certification Authority) if you tried to install a tis key pair not signed by an installed CA.
| Info |
|---|
By default PrivateServer contains a default list of pre-loaded Certification Authorities. |
| Subtitle |
|---|
| Prefix | fig |
|---|
| SubtitleText | the default CA list |
|---|
| AnchorName | clean_CA_list |
|---|
|
|
...
As shown in
| Xref |
|---|
| AnchorName | CA_list_updated |
|---|
|
the Certification Authority list shows a new entry. You can check the entry by subject (which is the entity that release the certificate) and the expiry Date (that shows how long the certificate is considered valid).
2.3.4 Delete TLS key pair
In a day-by-day secure VoIP service administration it's not unusual to delete a TLS key pair. The procedure starts right at the Certificate Management page (the one shown in
| Xref |
|---|
| AnchorName | default_certificate |
|---|
|
.
| Subtitle |
|---|
| Prefix | fig |
|---|
| SubtitleText | the TLS key pair list with a testing entry to be deleted |
|---|
| AnchorName | tls_key_pair_to_delete |
|---|
|
 Image Added |
In
| Xref |
|---|
| AnchorName | tls_key_pair_to_delete |
|---|
|
you can see we added an entry conveniently named
testing entry to be deleted and that's what we're going to do.
...
| Subtitle |
|---|
| Prefix | fig |
|---|
| SubtitleText | TLS key pair details |
|---|
| AnchorName | tls_details |
|---|
|
 Image Added |
First you click on the chosen entry and get a detail of the TLS key pair (as in
). At the page's bottom there's a
Delete button. Just press it.
| Subtitle |
|---|
| Prefix | fig |
|---|
| SubtitleText | the deletion is confirmed |
|---|
| AnchorName | tls_key_pair_deleted |
|---|
|
 Image Added
|
Confirm the deletion in the following pop-up windows. After that you get the new TLS key pair list without the deleted entry and with a warning which explains the entry has been deleted (as in
| Xref |
|---|
| AnchorName | tls_key_pair_deleted |
|---|
|
).2.3.5 Delete Certification Authority
You cannot edit an entry in the CA list, but you still can delete a CA and create a new one for replacement. That said, the way for deleting a CA entry is quite simple. From the CA list shown in
| Xref |
|---|
| AnchorName | CA_list_updated |
|---|
|
choose the CA you want to expunge and press the
Delete link in the last right column.
...