Creating TLS Server Side Certificate for Application Interface
This section describes how to check the currently used TLS certificate and how to use WebConf to create a new server TLS certificate for the Application Interface.
To check the currently used TLS certificate, proceed as follows:
- Open the Application Interface in the browser.
Click the Padlock icon in the address bar of your browser and click More information. (Figure: EJBCA TLS check)
On the Info page, go to the Security tab and click View Certificate.
Various information about the certificate is displayed. For Common Name (CN), you will find the value node1-tls-app.
To create a new TLS server certificate for the Application Interface, proceed as follows:
Open the tab Access > Server TLS certificates in WebConf.
In the section Application Interface, click Generate new key pair.
Click Create CSR to create a CSR.
Click Download CSR to download the CSR.
In the EJBCA Admin Web, go to RA Functions > Search End Entities.
In the Search end entity with username field, enter tls_app and click Search.
In the Edit End Entity page, specify the following:
- Status: Set to New
- Password: Set to foo123
- CN, Common name: Set to node1-tls-app-new
- Token (section Main certificate data): Set to User Generated
Navigate to the Public Web and click Create Certificate from CSR in the section Enroll.
In the Enroll page, specify the following and click OK:
- Username: Set to tls_app
- Enrollment code: Set to foo123
- Request file: Click Browse and select the file appliance-app.csr.pem
- Result type: Set to PEM - full certificate chain.
Save the PEM file with the name node1tlsappnew.pem.
- Navigate to Access > Server side SSL/TLS configuration in WebConf and click the Browse button for Next chain to upload the file node1tlsappnew.pem.
Click the action Activate new cert to activate the certificate chain on the server. It takes a while until the new TLS certificate is active.
- Confirm that the server is using the new certificate by refreshing the application pages and then trust the new connection when prompted. The new certificate is displayed as shown in figure EJBCA TLS check.
Verify the certificate used for the TLS connection and confirm that it is the new certificate with the new CN node1-tls-app-new.
This new TLS certificate will now be used each time you log in to the application interface.
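The checks in this procedure can also be run from a shell with OpenSSL. The script below is an added example, not part of the original documentation: it confirms that the issued certificate carries the public key from the downloaded CSR and the expected CN before the chain is uploaded, and reads the CN the server presents afterwards. The function names are this example's own, and it assumes the leaf certificate is the first certificate in the PEM chain file.

```shell
#!/bin/sh
# Added example: checks around the certificate-renewal steps, using OpenSSL.
# Function names are this example's own; file names come from the procedure.

# SHA-256 digest of the public key in a CSR ("req") or certificate ("x509").
pubkey_digest() {  # usage: pubkey_digest req|x509 FILE
    pub=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# CN of the first certificate read from stdin (assumed to be the leaf).
cn_from_pem() {
    openssl x509 -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# Pre-upload check. Returns 0 if the chain file is safe to upload, otherwise
# 1 = key mismatch, 2 = unexpected CN, 3 = expired, 4 = unreadable input.
check_issued_cert() {  # usage: check_issued_cert CSR CHAIN EXPECTED_CN
    csr_key=$(pubkey_digest req "$1") ||
        { echo "cannot read CSR $1" >&2; return 4; }
    crt_key=$(pubkey_digest x509 "$2") ||
        { echo "cannot read certificate $2" >&2; return 4; }
    [ "$csr_key" = "$crt_key" ] ||
        { echo "certificate key differs from CSR key" >&2; return 1; }
    got_cn=$(cn_from_pem < "$2")
    [ "$got_cn" = "$3" ] ||
        { echo "CN is '$got_cn', expected '$3'" >&2; return 2; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }
}

# CN of the certificate the server presents (the final verification step).
served_cn() {  # usage: served_cn HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | cn_from_pem
}

# Before uploading the chain in WebConf:
#   check_issued_cert appliance-app.csr.pem node1tlsappnew.pem node1-tls-app-new
# After activation (replace the placeholder with your Application Interface host):
#   served_cn <appliance-host>
```

A key mismatch (return code 1) means the PEM file was issued for a different CSR than the one generated in WebConf, so the chain will not pair with the appliance's new private key.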