...
Info |
---|
By default, on PrivateServer it's installed one "*.madama.at" wildcard certificate as shown in Xref |
---|
AnchorName | default_certificate |
---|
|
|
Subtitle |
---|
Prefix | fig.figure |
---|
SubtitleText | The tabs to access the two section related with the certificate management |
---|
AnchorName | tls tabs |
---|
|
![](/docs/download/attachments/9964310/tls_certificates_tabs.png?version=1&modificationDate=1381239222149&api=v2&effects=drop-shadow)
|
From this page you can decide to view and delete your keypairs or the Certification Authority entries, using the tabs shown in the above
.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | link for creating new key and CSR or add new CAs |
---|
AnchorName | new_tls_new_ca |
---|
|
![](/docs/download/attachments/9964310/new_tls_keyp_new_ca.png?version=2&modificationDate=1395745602564&api=v2&effects=drop-shadow)
|
Instead if you need to create a new TLS key pair or add a new CA, then you have to use the buttons above the "TLS Keypair" list (the ones shown in
).
2.3.2 Create New Certificate
Add a new Certificate is a delicate matter, because it involves sensible informations like private Key
...
Note |
---|
This feature has changed since present version! |
In previous PrivateServer releases you had to paste private key, certificate and possibly CA root to add a new Certificate and thus validate your hostname for the services exposed. That method obliged Service Administrators to directly deal with Certificate's Private Key, which is kind of sensitive information. Also keypair creation and management had to take place somewhere else outside PrivateServer and then imported. As an improvement of both security and usability since present version you can (and must) deal with Certificates directly on PrivateServer. Certificate Creation has been Management and concealing. Adding a New Certificate on PrivateServer means that you can create your own Certificate Signing Request directly on PrivateServer and no need for external Private Key creation/management tools. Of course you need to have your CSR signed by a known Certificate Authority before you can actually use it.
Certificate Creation is thus split in two steps:
- New Key and CSR creation (before CA sign)
- Actual New Certificate upload (after CA sign)
New Key and CSR
So first of all you start by creating a CSR: click on the New Key and CSR link above the certificate table.
...
A warning confirming creation and a new row in TLS Keypair list shows generation process has been successful.
Notetip |
---|
Using this new Certificate creation process you no longer don't have to deal directly with Private Keys. |
...
Anyway you need to Download CSR before you're done with Certificate creation, so use first link shown in detailed view
.
New Certificate upload
Once you have your CSR you just follow instructions by CA of your choice to obtain a new Certificate. As it's done, you can get back to form in
and this time
Upload certificate.
...
Info |
---|
By default PrivateServer contains a default list of pre-loaded Certification Authorities. |
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | the default CA list |
---|
AnchorName | clean_CA_list |
---|
|
![](/docs/download/attachments/9964310/Default_CA_list.png?version=1&modificationDate=1381318911675&api=v2&effects=drop-shadow)
|
The new CA installation becomes mandatory because without a complete certificate chain the new TLS key pair would not be accepted by PrivateServer. If you need to upload a new certificate, click on the Add certification authority button above the certificate list table.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | New Certification Authority |
---|
AnchorName | new_CA |
---|
|
![](/docs/download/attachments/9964310/add_ca.png?version=1&modificationDate=1381240404391&api=v2&effects=drop-shadow)
|
You get the form shown in
which is pretty straightforward. You just have to cut 'n' paste the CA's content in the
Certificate box and click on the
Create button at the bottom.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | CA list updated |
---|
AnchorName | CA_list_updated |
---|
|
![](/docs/download/attachments/9964310/CAs_list_with_new_CA.png?version=1&modificationDate=1381318893256&api=v2&effects=drop-shadow)
|
...
In a day-by-day secure VoIP service administration it's not unusual to delete a TLS key pair. The procedure starts right at the Certificate Management page (the one shown in
Xref |
---|
AnchorName | default_certificate |
---|
|
.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | the TLS key pair list with a testing entry to be deleted |
---|
AnchorName | tls_key_pair_to_delete |
---|
|
![](/docs/download/attachments/9964310/tls_list_with_entry_to_delete.png?version=1&modificationDate=1381325803933&api=v2&effects=drop-shadow)
|
...
At the bottom of the form there's one Delete button. Just press it.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | the deletion is confirmed |
---|
AnchorName | tls_key_pair_deleted |
---|
|
![](/docs/download/attachments/9964310/tls_key_pair_deleted.png?version=1&modificationDate=1381325962110&api=v2&effects=drop-shadow)
|
...
You cannot edit an entry in the CA list, but you still can delete a CA and create a new one for replacement. That said, the way for deleting a CA entry is quite simple. From the CA list shown in
Xref |
---|
AnchorName | CA_list_updated |
---|
|
choose the CA you want to expunge and press the
Delete link in the last right column.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | CA's details |
---|
AnchorName | delete_CA_1 |
---|
|
![](/docs/download/attachments/9964310/Delete_CA_1.png?version=1&modificationDate=1381318919507&api=v2&effects=drop-shadow)
|
First you get a detail of the certificate you're going to delete. Just press the Delete button at the bottom and confirm your choice in the next pop up window.
Subtitle |
---|
Prefix | figfigure |
---|
SubtitleText | The CA list updated and the warning |
---|
AnchorName | delete_CA_2 |
---|
|
![](/docs/download/attachments/9964310/Delete_CA_2.png?version=1&modificationDate=1381318931668&api=v2&effects=drop-shadow)
|
...