The ExtremeCloud IQ Site Engine server uses a private key and server certificate to provide secure communication for administrative web pages, ExtremeCloud IQ Site Engine and ExtremeControl Dashboard tools, and for internal communication between servers. Use the Update Server Certificate window to replace the ExtremeCloud IQ Site Engine server certificate. Access this window from the Administration > Certificates tab.
During installation, ExtremeCloud IQ Site Engine generates a unique private server key and server certificate. While these provide secure communication, there can be cases where you want to update the ExtremeCloud IQ Site Engine server certificate to a custom certificate provided from an external certificate authority, or add certificates in order to meet the requirements of external components with which ExtremeCloud IQ Site Engine must communicate. Additionally, you can use a "browser-friendly" certificate so that users don't see browser certificate warnings when they access web pages. For complete instructions on replacing and verifying the certificate, see How to Update the Server Certificate.
After you have updated the certificate, you must restart the ExtremeCloud IQ Site Engine server to deploy the new private key and server certificate.
| NOTE: | Whenever the ExtremeCloud IQ Site Engine server certificate is changed, other ExtremeCloud IQ Site Engine components can be affected by the change and stop trusting the server. You can specify how ExtremeCloud IQ Site Engine clients and other servers handle updated certificates by configuring the client trust mode and server trust mode settings. Before updating the ExtremeCloud IQ Site Engine server certificate, be sure that the client and server trust modes are configured to trust the new certificate. For more information, see Update Client Certificate Trust Mode window and Update Server Certificate Trust Mode window. |
|---|
Drag and drop files containing the private key, the server certificate, and any intermediate (chained) certificates provided by the certificate authority. Add the files in any order. For complete instructions on replacing and verifying the certificate using this option, see How to Update the ExtremeCloud IQ Site Engine Server Certificate.
| NOTE: | Provide certificates for all certificate authorities that need to be trusted. You cannot append to an existing list. |
|---|
- Use a password to access the private key
- Select the checkbox and supply the private key password in the field, if the private key is encrypted with a password. If you do not have the private key, refer to the instructions for generating them.
- Use a password to access the PKCS#12 keystore
- Select the checkbox and supply the keystore password in the field, if the PKCS#12 keystore is protected with a password.
- Generate Certificate
- Select Generate Certificate to automatically generate a new private key and certificate using the same method that occurs when ExtremeCloud IQ Site Engine is installed. Using this method does not require you to provide any files or passwords.
- OK
- Select OK to save your changes.
After the ExtremeCloud IQ Site Engine server is restarted, the Administration > Certificates tab displays the following updated information:
- Private Key
- Issued To
- Issued By
- Valid Dates
For information on related help topics: